Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to show the most common non-null value in every field?

seajay1221
Engager
‎05-20-2022 02:47 PM

I have an index with ~200 fields and need to know the single most common non-null value for each field. How do I uncover that with Splunk?

In this example, I'd start here:

FruitsSizesIntegers
apple 1
bananalarge10
strawberry 3
apple 3
blueberrylarge2

 

And would aim to end up here:

FruitsSizesIntegers
applelarge3

 

I don't have a test query to share since I'm not sure how to begin approaching this, and haven't seen anything on the forum here that is a close match. Would greatly appreciate any insights into how to get this done!

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎05-20-2022 11:58 PM

As @richgalloway  use the mode function - if you don't want to list all 200 fields on the stats command, try this

| stats mode(*) as *

View solution in original post

Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎05-20-2022 11:58 PM

As @richgalloway  use the mode function - if you don't want to list all 200 fields on the stats command, try this

| stats mode(*) as *
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎05-20-2022 05:13 PM

Try the stats command with the mode function.

| stats mode(Fruits) as Fruits, mode(Sizes) as Sizes, mode(Integers) as Integers

 

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...

Secure Your Future: Mastering Upgrade Readiness for Splunk 10

Spotlight: The Splunk Health Assistant Add-On  The Splunk Health Assistant Add-On is your ultimate companion ...

Observability Unlocked: Kubernetes & Cloud Monitoring with Splunk IM

Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team on ...