I have a Splunk query that forms a table like this:
Time             Type  Msg
10/1/2019 0:00   1     xyz
10/2/2019 0:00   2     xyz
10/3/2019 0:00   3     xyz
10/4/2019 0:00   4     xyz
10/5/2019 0:00   1     xyz
10/6/2019 0:00   1     xyz
10/7/2019 0:00   2     xyz
10/8/2019 0:00   2     xyz
10/9/2019 0:00   3     xyz
10/10/2019 0:00  3     xyz
10/11/2019 0:00  4     xyz
10/12/2019 0:00  3     xyz
How do I retain only the rows in the table where the count(type) is <3? So in this case I want the rows with type 4 to be removed, because the count of events is less than 3.