Solved: 4 students are attempting for exams multiple times...

sunil04mca · ‎09-03-2020

Student_name Status marks

john fail 30

han fail 10

ram fail 20

vish Pass 50

han Pass 90

ram Pass 50

The output should be - as ram as passed in second attempt

Student_name Status marks

john fail 30

han fail 10

Nisha18789 · ‎09-03-2020

hi @sunil04mca , you can use this after your main query

....| stats latest(status) as status by user | search status="fail"

View solution in original post

Nisha18789 · ‎09-03-2020

hi @sunil04mca , you can use this after your main query

....| stats latest(status) as status by user | search status="fail"

sunil04mca · ‎09-08-2020

@Nisha18789 This query will work for above table , but when i am trying to combine and extract from 2 tables , i am not getting.
table-1 student name , marks and status,
table-2 we have student details. should extract address and DOB.
Need a report as student-name, status,address and DOB.

Can u pls help on this

sunil04mca · ‎09-08-2020

Thanks @Nisha18789 , this is working as expected..

iamkilarunaresh · ‎09-03-2020

use stats latest(status) as status | search status=fail

4 students are attempting for exams multiple times , need to extract only failed student details, can any one help

alert condition

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!