Splunk Search

How to generate a list of data by giving max and min limit?

DS904458
Explorer

Hi,
I need to generate a list of data by giving a max and min range.
But I can't find a command (function) that does that.

I will set max = 50 and min = 10 for the following example.

I think there are two ways to do it, by giving different arguments.
1.
Set max = 50, min = 10, output amount (length) of data = 7.
Then I will receive output like:
[10, 16.66, 23.32, 29.98, 36.64, 43.3, 50]
In this case, I won't need to set an interval.
I only need to give how many outcomes I want to receive.

2.
Set max = 50, min = 10, interval = 8.1.
Then I will receive output like:
[10, 18.1, 26.2, 34.3, 42.4, 50.5]
The last (max data) can be received as 50 or 50.5; both work for me.
In this case, I won't need to set how many data I want to receive.
I only need to give the interval.

Both ways aim to receive a list of data.
Personally, I prefer solution No. 1; it is closer to my need.

By the way, I hope the output data can be a list or multivalue.

0 Karma

ITWhisperer
SplunkTrust
| eval min=10,max=50,count=7
| eval list=mvrange(0,count)
| eval list=mvmap(list,round(min+(list*(max-min)/(count-1)),2))
0 Karma
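
An added example, not part of the original posts: the same mvrange/mvmap approach as the answer above, adapted to the interval-based variant (option 2 in the question). The `makeresults` wrapper and the field names `interval`, `steps`, `length` and `last` are assumptions made for this illustration; the input values are the ones from the question.

```spl
| makeresults
| eval min=10, max=50, interval=8.1
| eval steps=if(interval > 0 AND max > min, ceiling(round((max - min) / interval, 6)), 0)
| eval list=mvrange(0, steps + 1)
| eval list=mvmap(list, round(min + list * interval, 2))
| eval length=mvcount(list), last=mvindex(list, -1)
| table min, max, interval, length, last, list
```

`ceiling` lets the final value overshoot max (50.5 here) instead of stopping short of it, and the inner `round(..., 6)` keeps floating-point noise in the division from adding an extra step. A non-positive interval or max <= min falls back to a single-value list containing only min.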

danspav
SplunkTrust

Hi @DS904458,

Depending on how you want to use the list of numbers, you may be able to use a macro.

E.g. this search:

index=_internal sourcetype=splunkd
| eval list= `generate_list(50,10,7)`
| makemv list delim=" "
| table _time, sourcetype, list


Returns a list of 7 numbers from 10 to 50.

The macro definition is:

[generate_list(3)]
args = max,min,length
definition = [|makeresults count=$length$\
| streamstats count as id\
|eval value=if(id=1,$min$, round($min$ + (id-1) * (($max$ - $min$) / ($length$ - 1)),1))\
| stats list(value) as value\
| nomv value\
| eval value="\"" . value . "\""\
| return $value]
errormsg = Please only enter numbers for: Max, Min, Length.
iseval = 0
validation = tonumber(max) >0 AND tonumber(min) >-1  AND tonumber(length) >0


It could also be used as the search for a dropdown on a dashboard, e.g.:

| makeresults
| eval list=`generate_list(50,10,7)`
| makemv list delim=" "
| mvexpand list
| table list


Does that help?

Cheers,
Daniel

0 Karma