Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

grouping data in search

joegrossman
Explorer
‎05-07-2012 05:50 PM

I am serching a log that has statuses. When I run the search and chart it, I get a bar for each status. There are, say, 10 statuses. Instead, I want to group the data into 2 results: one result is the count of status < 400, and the other is the count of status >= 400. Any idea how I get this?

Tags (1)
Reply

kristian_kolb
Ultra Champion
‎05-08-2012 12:08 AM

Like this.

   ... | stats c(eval(status<400)) AS low c(eval(status>=400)) AS high

Please note that you need to rename the fields with AS like above.

EDIT: changed so that the exact value of 400 would be counted as 'high'.

Hope this helps,

Kristian

Reply

kristian_kolb
Ultra Champion
‎05-08-2012 12:13 PM

Good to hear. Please mark as answered and/or upvote. Thanks, Kristian

0 Karma
Reply

joegrossman
Explorer
‎05-08-2012 12:08 PM

Thanks Kristian! This worked. I tweaked it a bit because I hadn't put my question clearly, but your syntax worked. Here is what I ended up with:
...| timechart c(eval(status>400)) AS FAILURE c(eval(status<=400)) AS SUCCESS

0 Karma
Reply

mwhite_splunk
Splunk Employee
Splunk Employee
‎05-07-2012 06:17 PM

Can you please paste the search you are currently using to do this?

0 Karma
Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

&#x1f5e3; You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...