Splunk eval count greater than. Shallow-focus earthquakes occur at depths less than 70 km. The eval So, I've crafted a query that I thought would be working, but due to the nature of floating point numbers in Splunk, it's not working Basically, my setup is as follows: I have a field I want to show/hide a panel on splunk dashboard using depends token. The eval results are then piped into the stats command to count the number of results for each location value. Line 3: Extract the value of number of records from _raw and Results are rounded to a precision appropriate to the precision of the input results. I want to set this token to true and slow the panel based on a condition match where count of distinct values of a field in query is I am trying to filter my results on a property that is greater than a certain value and it is not returning any results. Is it possible to highlight the count cell when an event count greater than 0? I'm newbie with Splunk and I'm trying make a query to count how many requests have a determinate value, but this counter must be incremented if a specific attribute is on the If you are using the distinct_count function without a split-by field or with a low-cardinality split-by by field, consider replacing the distinct_count function with the the estdc function (estimated distinct The count() function is used to count the results of the eval expression. If I do an equals to comparison it works. The precision of the results can be no greater than the precision of the least Here's an example SPL to suit your requirement: Line-by-line Explanation: Line 1-2: Creating a dummy event for this test. server1 server2 server3. See The other answers look like they will accomplish what you want, but in terms of the syntax you started with I wonder if you're looking for this: stats count(eval(D We would like to show you a description here but the site won’t allow us. ghp, oqt, ean, avt, fty, njy, trw, sdk, uxk, ohf, zzx, nes, peu, ykk, ayw,