Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Auto Group Result

yap
Explorer
‎02-21-2013 12:03 AM

Hi,

I would like to group my product based on weight.

Sample logs are:

Product ID | Weight

00368001a1 | 1.4kg

00368001d1 | 1.3kg

00368002a1 | 0.9kg

00368003a1 | 2.0kg

00368004a1 | 1.5kg

I need to set weight(+ or - between 0.5).
0.5 - 1.4kg as A and 1.5 - 2.4kg is group as B
Instead of manually defining as what I am currently doing:
| eval total_weight=case(weight<0.5,"A",weight<1.4,"B",weight<2.4,"C") | stats count by total_weight
Any help is greatly appreciated.

Tags (1)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-21-2013 01:27 AM

Bucket with a span of 1 would give you +/-0.5kg values, you just have to strip off the "kg" first to make it numerical. I'm not sure if you can do 0.5-1.5 groups though, it tends to create 0-1 buckets instead. If all else fails, shift your weights up by half a kilo 🙂

0 Karma
Reply

yap
Explorer
‎02-21-2013 01:35 AM

Thanks Martin

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...