Splunk Search

highest - lowest in a row

reverse
Contributor
Date    X   Y   Z   XX  Max Delta 
10/1/2019   315 205 258 270 110
10/2/2019   293 194 235 247 99
10/3/2019   309 210 266 274 99
10/4/2019   312 208 256 266 104
10/5/2019   6   3   0   1   6
10/6/2019   82  35  71  68  47
10/7/2019   270 204 234 249 66
10/8/2019   315 216 271 279 99
10/9/2019   294 197 235 248 97
10/10/2019  314 212 267 277 102
10/11/2019  308 207 256 266 101
10/12/2019  120 11  70  69  109

How to achieve max delta column ?

simply put , highest - lowest for EVERY row ?

Tags (1)
0 Karma

somesoni2
Revered Legend

Try this

your current search giving fields Date X Y Z XX
| untable Date metrics value
| appendpipe [| stats max(value) as max min(value) as min by Date
| eval value=max-min | table Date MaxDelta | eval metrics="Max Delta" ]
| xyseries Date metrics value
0 Karma

reverse
Contributor

| stats max(value) as max min(value) as min by Date.. didn't produce anything ...

0 Karma

somesoni2
Revered Legend

What's the full search you tried??

0 Karma

reverse
Contributor
0 Karma

reverse
Contributor

@Vijeta please look at this.

0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!