Hi all, thank you for the tips. I'm trying the following approach, i created a dataset with the global statistics of each table. Now, i'm trying to join the results of my search with the results of my dataset where the column "Table" is the same, for i can create a column "IsOutlier" using a if statement reading my dataset. I wanted to do something like this: ... my search that returns table_name and number_rows | eval isOutlier=if(number_rows < mydataset.lowerBound where mydataset.table = "table_name" OR number_rows > mydataset.upperBound where mydataset.table = table_name, 1, 0) What's the right way to write such a statement on a Splunk Search?
... View more