How to display other fields on the same row when aggregating using stats max(field)? Thank you for your help. For example: I am trying to display the same row that has the highest TotalScore=240 ...
See more...
How to display other fields on the same row when aggregating using stats max(field)? Thank you for your help. For example: I am trying to display the same row that has the highest TotalScore=240 Class Name Subject TotalScore Score1 Score2 Score3 ClassA Name2 English 240 80 90 70 My Splunk Search | index=scoreindex | stats values(Name) as Name, values(Subject) as Subject, max(TotalScore) as TotalScore, max(Score1) as Score1, max(Score2) as Score2, max(Score3) as Score3 by Class | table Class Name, Subject, Total Score, Score1, Score2, Score3 I think my search below is going to display the following. Class Name Subject TotalScore Score1 Score2 Score3 ClassA Name1 Name2 Name3 Math English 240 85 95 80 This is the whole data in table format from scoreindex Class Name Subject TotalScore Score1 Score2 Score3 ClassA Name1 Math 170 60 40 70 ClassA Name1 English 195 85 60 50 ClassA Name2 Math 175 50 60 65 ClassA Name2 English 240 80 90 70 ClassA Name3 Math 170 40 60 70 ClassA Name3 English 230 55 95 80