Splunk Search

How can I get common values from data?

WXY
Path Finder

Now ,I want to get common values from data.
I use this command:

`index="new_1"  |stats list(oper_field)  as gn by department

Now ,I want to get a column to show values which count >=2

For example :
there have two "Model List" . I want to show it in another column

Please help me

alt text

0 Karma
1 Solution

thambisetty
SplunkTrust
SplunkTrust

| eventstats count by oper_field ,department| where count > 1 | stats list(oper_field) as gn by department

————————————
If this helps, give a like below.

View solution in original post

thambisetty
SplunkTrust
SplunkTrust

| eventstats count by oper_field ,department| where count > 1 | stats list(oper_field) as gn by department

————————————
If this helps, give a like below.

WXY
Path Finder

what do you need me to offer you, my data or a sample of the results is shown ?

0 Karma

thambisetty
SplunkTrust
SplunkTrust

Sample input and output

————————————
If this helps, give a like below.
0 Karma

WXY
Path Finder

Thank you!
Now I have another question,can you help me?
I want get data which accounted for the largest proportion . such as ,there are two "Model List" ,and all of data are three, the "Model List" is the largest proportion,what should I do?

0 Karma

thambisetty
SplunkTrust
SplunkTrust

Can you give me an example?

————————————
If this helps, give a like below.
0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...