Solved: How to show the Report to display the Top 10 Max v...

rajeswariramar · ‎01-04-2018

Report to show the Top 10 Max values

I want the Report as below

IBD successcont Mintime Maxtime

IBD1 2 3000 11071

IBD2 2 2678 2265

etc

index=* sourcetype=VM_STATS ( Status=SUCCESS ) | stats count, max(TimeTaken) as max, MIN(TimeTaken) as MIN, avg(TimeTaken) as avg by IBD

i want to list the top 10 max values to be retrived....

can you please advice

harsmarvania57 · ‎01-04-2018

Hi,

Please try this

index=* sourcetype=VM_STATS ( Status=SUCCESS ) | stats count, max(TimeTaken) as max, MIN(TimeTaken) as MIN, avg(TimeTaken) as avg by IBD | sort 10 -max

View solution in original post

mayurr98 · ‎01-04-2018

hey try this!

index=* sourcetype=VM_STATS ( Status=SUCCESS ) | stats count, max(TimeTaken) as max, MIN(TimeTaken) as MIN, avg(TimeTaken) as avg by IBD | sort limit=10 max desc

you can use sort command and limit option to limit the number of top values!
Refer this doc.
https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Sort#Description

Let me know if this helps you!

harsmarvania57 · ‎01-04-2018

Hi,

Please try this

index=* sourcetype=VM_STATS ( Status=SUCCESS ) | stats count, max(TimeTaken) as max, MIN(TimeTaken) as MIN, avg(TimeTaken) as avg by IBD | sort 10 -max

How to show the Report to display the Top 10 Max values

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I

Are you a member of the Splunk Community?

How to show the Report to display the Top 10 Max values

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I