Hello,
We have been importing a particular csv daily into a single index, so the data is nice and clean.
We want to perform 1 search and chart out results.
Fields are: Volume, Change, & Price.
Volume needs to be greater than 1
Change needs to be greater than 1
Price needs to be greater than 0.001
These 3 fields will determine results.
We want to then output a table that has the following columns:
Symbol
Volume
Change
Price
We want to then have the flexibility to sort the table results by one of the 3 fields (volume, change, price) listed above in ascending or descending order.
Does the sort need to be included in the search syntax, or can we simply use the Splunk UI to click the column to sort? (So far, I don't see this as an option, but I could be doing something wrong.)
HERE'S THE KICKER...
The "volume" field must have been 0 at some point in time (remember, we are ingesting results daily), and must have changed to greater than 1 (as per above requirement).
Thanks in advance!
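
One way to express the search described in the post above, as an added example that is not part of the original post. It assumes one event per Symbol per day with `_time` set to that day and the fields extracted as numbers under the names Volume, Change and Price; `<your_index>`, `zero_days` and the choice to test the most recent day's values are assumptions.

```spl
index=<your_index>
| stats count(eval(Volume=0)) AS zero_days
        latest(Volume) AS Volume
        latest(Change) AS Change
        latest(Price) AS Price
        BY Symbol
| where zero_days>0 AND Volume>1 AND Change>1 AND Price>0.001
| table Symbol Volume Change Price
| sort - Volume
```

The `stats` step collapses the daily events to one row per Symbol, so `zero_days` carries the "was 0 at some point" condition while the `latest()` values carry the current thresholds. The last line sorts descending by Volume; drop the `-` for ascending order or substitute Change or Price.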