Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to display a value of zero in a chart for negative values returned in a search?

tohalan
New Member
‎05-19-2016 07:12 AM

Hi Everyone,

Need some help on how to display the output value as zero in a chart when a negative result is returned.

Thank you
Kind regards,

Tags (2)
0 Karma
Reply

javiergn
Super Champion
‎05-19-2016 07:25 AM

If I understand correctly, you just want to return 0 if the value is negative, right?
If that's the case:

your base search
| eval myNewValue = if(oldValue < 0, 0, oldValue)
| chart foo bar by myNewValue

If not please provide an example

0 Karma
Reply

tohalan
New Member
‎11-04-2024 05:24 PM

Bingo, thanks a lot and it works

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...