Splunk Search

highest - lowest in a row

reverse
Contributor
Date    X   Y   Z   XX  Max Delta 
10/1/2019   315 205 258 270 110
10/2/2019   293 194 235 247 99
10/3/2019   309 210 266 274 99
10/4/2019   312 208 256 266 104
10/5/2019   6   3   0   1   6
10/6/2019   82  35  71  68  47
10/7/2019   270 204 234 249 66
10/8/2019   315 216 271 279 99
10/9/2019   294 197 235 248 97
10/10/2019  314 212 267 277 102
10/11/2019  308 207 256 266 101
10/12/2019  120 11  70  69  109

How to achieve max delta column ?

simply put , highest - lowest for EVERY row ?

Tags (1)
0 Karma

somesoni2
Revered Legend

Try this

your current search giving fields Date X Y Z XX
| untable Date metrics value
| appendpipe [| stats max(value) as max min(value) as min by Date
| eval value=max-min | table Date MaxDelta | eval metrics="Max Delta" ]
| xyseries Date metrics value
0 Karma

reverse
Contributor

| stats max(value) as max min(value) as min by Date.. didn't produce anything ...

0 Karma

somesoni2
Revered Legend

What's the full search you tried??

0 Karma

reverse
Contributor
0 Karma

reverse
Contributor

@Vijeta please look at this.

0 Karma
Get Updates on the Splunk Community!

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...

Cisco Use Cases, ITSI Best Practices, and More New Articles from Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...