Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

To eliminate numbers

ncbshiva
Communicator
‎05-02-2013 08:51 PM

Hi this my search results
COUNTRY avg(TIME_TAKEN_IN_DAYS_TO_COMPLETE_THE_ORDER)
1 268647320 462.000000
2 268647324 404.000000
3 268647325 483.000000
4 268713740 90.000000
5 268755211 95.000000
6 268755212 81.000000
7 268910904 47.000000
8 ALBANIA 78.885057
9 ALGERIA 162.192308
10 ANDORRA 72.083333
11 ANGOLA 87.625000
12 ARGENTINA 131.596965
13 ARMENIA 124.333333
14 AUSTRALIA 119.199497
15 AUSTRIA 140.973917
16 AZERBAIJAN 136.800000
17 BAHAMAS 200.375000
18 BAHRAIN 102.406360

I want only countries to be displayed,i want to eliminate first numbers from COUNTRY field.

My search query is
source="-----------------------------" NOT "COUNTRY" ORDER_END_DATE!=" " | table CUS_OBJID,COUNTRY,CITY,ORDER_CREATED_DATE,ORDER_END_DATE | eval j2=ORDER_END_DATE | eval j1=ORDER_CREATED_DATE | eval d1=strptime(j1,"%d-%b-%y") |eval d2=strptime(j2,"%d-%b-%y") | eval TIME_TAKEN_IN_DAYS_TO_COMPLETE_THE_ORDER = (d2-d1)/86400 | eval TIME_TAKEN_IN_DAYS_TO_COMPLETE_THE_ORDER=round(TIME_TAKEN_IN_DAYS_TO_COMPLETE_THE_ORDER,2) |table COUNTRY,CITY,TIME_TAKEN_IN_DAYS_TO_COMPLETE_THE_ORDER | stats avg(TIME_TAKEN_IN_DAYS_TO_COMPLETE_THE_ORDER) by COUNTRY

Please help me

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Ayn
Legend
‎05-02-2013 11:57 PM

As a general tip regarding your search - you don't need the two table command you have in there.

You can get rid of the country values starting with a digit by adding a where command after your initial search command...

source="-----------------------------" NOT "COUNTRY" ORDER_END_DATE!=" " | where !match(COUNTRY,"^\d") | ...

View solution in original post

Reply
Solved! Jump to solution
Solution

Ayn
Legend
‎05-02-2013 11:57 PM

As a general tip regarding your search - you don't need the two table command you have in there.

You can get rid of the country values starting with a digit by adding a where command after your initial search command...

source="-----------------------------" NOT "COUNTRY" ORDER_END_DATE!=" " | where !match(COUNTRY,"^\d") | ...
Reply
Solved! Jump to solution

Ayn
Legend
‎05-03-2013 02:02 AM

No problem. Please mark my answer as accepted if it solved your problem.

0 Karma
Reply
Solved! Jump to solution

ncbshiva
Communicator
‎05-03-2013 01:46 AM

thanks.................

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...