Solved: How to add a table column that does operations in ...

HattrickNZ · ‎02-16-2016

if I have a search that gives me something like this:

how do I add a column d that would do an operation (row2columnC - row1columnC, row3columnC - row2columnC ... all the way down ) in each cell in column d(jsut want to show the value in column d)

a b c d  
1 2 3 3-0=3
4 5 6 6-3=3
7 8 9 9-6=3

I am thinking it would be ...| eval = ?? or something like this...

renjith_nair · ‎02-16-2016

Try this

your search |delta c as difference p=1|fillnull value=0 difference

Happy Splunking!

View solution in original post

gyslainlatsa · ‎02-17-2016

don't using eval

use the command deltawho working like that:

For each event where field is a number, the `delta command` computes the difference, in search order, between the field value for the event and the field value for the previous event

next try this

your search |delta c as d

somesoni2 · ‎02-16-2016

Try something like this

your current search giving fields a,b,c | delta c as d | eval d=coalesce(d,c)

HattrickNZ · ‎03-08-2016

what does eval d=coalesce(d,c) do here? I can't seem to see the difference. Or do i need a null value to see it working?

http://docs.splunk.com/Documentation/Splunk/6.1/SearchReference/Commonevalfunctions

renjith_nair · ‎02-16-2016

Try this

your search |delta c as difference p=1|fillnull value=0 difference

Happy Splunking!

HattrickNZ · ‎03-31-2016

How to add a table column that does operations in each cell based on the values from another column?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor