Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Require Splunk query

khursheed
New Member
3 weeks ago

Hi

Below data is dynamic, sample input table is given below, rows are order may vary (for simplicity I have put the data in order to understand easily).  

Input:

Feature Name

Browser Name

Result

Feature 1

B1

Pass

Feature 1

B1

Pass

Feature 1

B1

Pass

Feature 1

B1

Pass

Feature 1

B2

Fail

Feature 1

B2

Pass

Feature 1

B2

Pass

Feature 1

B2

Pass

Feature 1

B3

Pass

Feature 1

B3

Pass

Feature 1

B3

Pass

Feature 1

B3

Fail

Feature 1

B4

Pass

Feature 1

B4

Pass

Feature 1

B4

Fail

Feature 1

B4

Pass

 

Based on the above input table, output needs to be generated as listed below.  Cumulative result needs to be generated based on the browser name and result for each feature.  If any one of result fails on particular a browser, feature is considered failed.  

Output:

Feature 1

B1

Pass

Feature 1

B2

Fail

Feature 1

B3

Fail

Feature 1

B4

Fail

 

Would you please help me to generate expected output as listed.

Labels (4)
Labels
Tags (3)
0 Karma
Reply

somesoni2
Revered Legend
3 weeks ago

Try something like this

Your Base search fetching fields "Feature Name","Browser Name",Result
| stats count(eval(Result="Fail")) as Result by "Feature Name","Browser Name"
| eval Result=if(Result>0,"Fail","Pass")
0 Karma
Reply

ITWhisperer
Legend
3 weeks ago 
| stats values(Result) as Result by 'Browser Name' 'Feature Name'
| eval Result=mvindex(Result,0)
0 Karma
Reply
.conf21 Now Fully Virtual!
Register for FREE Today!

We've made .conf21 totally virtual and totally FREE! Our completely online experience will run from 10/19 through 10/20 with some additional events, too!

Get Updates on the Splunk Community!