Variable storage

Kendrick33 · ‎11-22-2010

I am performing some math functions in splunk.I am doing a search that will calculate the percentage of each data type. What variable can I use to store values without them having to be charted until the end of my search.

For example:

chart avg(db_abc_p) as anr, avg(db_efg) as enr, avg(db_hij) as hnr, avg(db_total) as Total | eval percentANR=(anr/Total)*100 | eval percentENR (enr/Total)*100 | eval percentHNR=hnr/Total)*100

what I end up with is valueS outputed for all seven variables, when all I really want is to display the values for : percentANR, percentENR, percentHNR

sfleming · ‎11-23-2010

or... for a simple table display,

... | table percentANR, percentENR, percentHNR

The table command will output the columns in the order you specify.

southeringtonp · ‎11-22-2010

Use the fields command to limit the display to just those you want to keep:

| fields percentANR, percentENR, percentHNR

gkanapathy · ‎11-22-2010

Or ... | fields - unwantedfield to remove specific fields.

Variable storage

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation

Variable storage

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions