Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I use eval with two searches and format the result as a Single Value?

rafasalo
Engager
‎12-07-2015 09:54 AM

Hi,

I've done a search that uses eval with two searches to get the final result. Then, I'm trying to see the result as a Single Value, however, as the Single Value uses the first column and my the final result is set on the third one, I can't.

See my search below and the table that results from it.

index= "index_cbo_pt" "AcquirerResponseCode=0" | stats count as Result1 | appendcols [search index= "index_cbo_pt" "AcquirerResponseCode=0" | stats dc(MerchantCheckoutId) as Result2] | eval finalValue = Result1/Result2

alt text

Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎12-07-2015 10:24 AM

If you need all three values, try re-ordering them by adding | table finalValue Result1 Result2 to your query.

If you only need finalValue, try appending | fields finalValue or | table finalValue to your query.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎12-07-2015 10:24 AM

If you need all three values, try re-ordering them by adding | table finalValue Result1 Result2 to your query.

If you only need finalValue, try appending | fields finalValue or | table finalValue to your query.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

rafasalo
Engager
‎12-07-2015 10:34 AM

Thank you very much!

I was thinking about using the result with timechart, could you help me?

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎12-07-2015 10:37 AM

Possibly, but for the benefit of future readers, you should submit a new question.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

rafasalo
Engager
‎12-08-2015 01:38 AM

Done. I've submitted here: https://answers.splunk.com/answers/332863/how-do-i-represent-an-eval-result-with-timechart.html?minQ...

0 Karma
Reply
Solved! Jump to solution

rafasalo
Engager
‎12-07-2015 11:04 AM

Ok. I was doing it, however, as I just have 22 points I need to wait until tomorrow. It just doesn't make sense...

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

A Guide To Cloud Migration Success

As enterprises’ rapid expansion to the cloud continues, IT leaders are continuously looking for ways to focus ...