Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to limit results with a condition before retrieving the final results

smirambe
Engager
‎11-16-2016 05:31 AM

Dear experts,

I apologize but I am new on Splunk and I have a question which can be really simple for you ...

I have just uploaded a file Inside Splunk for SAP jobs analyzing. The format is really simple :
JobName | StartDate | Duration

I have retrieved the jobs with the highest execution duration by the search -> stats count(JobName) avg(Duration_sec) by JobName

However, I want to add the following condition "Only the JobName with more than 100 exécutions should be counted".

How can I modify my query ?

Thanks really in advance.

Regards.

Stéphane

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎11-16-2016 07:00 AM

Perhaps this is what you are looking for.

stats count(JobName) as Executions avg(Duration_sec) by JobName | where Executions > 100
---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution

smirambe
Engager
‎11-16-2016 09:05 AM

Thanks really for all, both solutions work perfectly. The second one is perhaps simplest ...

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎11-16-2016 07:00 AM

Perhaps this is what you are looking for.

stats count(JobName) as Executions avg(Duration_sec) by JobName | where Executions > 100
---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

TiagoTLD1
Communicator
‎11-16-2016 06:29 AM

Hi

1st scenario: gives you the jobs that were executed more than 100 times

| stats count(JobName) AS COUNTER avg(Duration_sec) AS AVG_DURATION by JobName | where COUNTER>100 | table JobName, AVG_DURATION

2nd scenario: if you want to calculate the avg_duration of jobs that were executed more than 100 times, you can do this:

| eventstats count(JobName) AS COUNTER by JobName | where COUNTER>100 | stats avg(Duration) as AVG_DURATION by JobName | table JobName, AVG_DURATION

That returns only the

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...