Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

how to set not continuous number span for bucket value

cheriemilk
Path Finder
‎11-04-2021 05:05 PM

Hi team,

I have such event in splunk that log the employee number in each online meeting. I want to 

find and sats the employee number distribution and percentage%

I have below query that the bin span is continuous number 100.

<baseQuery>
|bin empNumber span=100
|stats count by empNumber
|eventstats sum(count) as total
|eval ratio%=round(empNumber/total*100,2)
|fields - total,empNumber
|sort - ratio%

 

But now the stats requirement is changed. Because 90% online meeting has employee number less than 100, so I want to set such not continuous bins in one query

1) for online meeting that  employee number less than 100, I want to set the bin value to 10

2)for online meeting that employee number greater than 100, I want to set the bin value to 100

And I don't want to query two times, stats by binvalue=100 first, then stats binvalue=10 again. I want to make it happen in one query.

Questions: how to change  my existing query to meet the query requirement.

 

Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎11-04-2021 11:43 PM 
| eval empNumber=if(empNumber<100,(floor(empNumber/10)*10)."-".(floor((empNumber+10)/10)*10),(floor(empNumber/100)*100)."-".(floor((empNumber+100)/100)*100))
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...