https://community.splunk.com/t5/Splunk-Dev/Can-you-help-me-count-the-values-of-two-different-fields/m-p/436654#M7865 <P>thanks a lot it s perfect</P> Thu, 18 Oct 2018 06:56:44 GMT jip31 2018-10-18T06:56:44Z https://community.splunk.com/t5/Splunk-Dev/Can-you-help-me-count-the-values-of-two-different-fields/m-p/436651#M7862 <P>Hello</P> <P>I use the code below in order to count the number of hosts by OS and by build. But, it doesn't work.<BR /> Could you help me please??</P> <PRE><CODE>host=* index="windows" sourcetype="wineventlog" SourceName="*" Type="Critique" OR Type="*" | dedup host | stats count by host | join host [search index=windows sourcetype=winregistry key_path="\\registry\\machine\\software\\wow6432node\\x\\master\\WindowsVersion" OR key_path="\\registry\\machine\\software\\microsoft\\windows nt\\currentversion\\ReleaseId" |eval OS=if(key_path=="\\registry\\machine\\software\\wow6432node\\x\\master\\WindowsVersion",data, null), Build=if(key_path=="\\registry\\machine\\software\\microsoft\\windows nt\\currentversion\\ReleaseId",data,null) | stats values(data) as OS by host] | stats count values(host) by OS, Build | rename count as Total | table OS Build Total | sort -Total limit=10 </CODE></PRE> Wed, 17 Oct 2018 14:10:31 GMT https://community.splunk.com/t5/Splunk-Dev/Can-you-help-me-count-the-values-of-two-different-fields/m-p/436651#M7862 jip31 2018-10-17T14:10:31Z https://community.splunk.com/t5/Splunk-Dev/Can-you-help-me-count-the-values-of-two-different-fields/m-p/436652#M7863 <P>Give this a try</P> <PRE><CODE>host=* index="windows" sourcetype="wineventlog" SourceName="*" Type="Critique" OR Type="*" | dedup host | stats count by host | append [search index=windows sourcetype=winregistry key_path="\\registry\\machine\\software\\wow6432node\\x\\master\\WindowsVersion" OR key_path="\\registry\\machine\\software\\microsoft\\windows nt\\currentversion\\ReleaseId" |eval OS=if(key_path=="\\registry\\machine\\software\\wow6432node\\x\\master\\WindowsVersion",data, null), Build=if(key_path=="\\registry\\machine\\software\\microsoft\\windows nt\\currentversion\\ReleaseId",data,null) | stats latest(OS) as OS latest(Build) as Build by host ] | stats values(OS) as OS values(Build) as Build by host | stats count as Total by OS Build | sort -Total limit=10 </CODE></PRE> Wed, 17 Oct 2018 14:25:59 GMT https://community.splunk.com/t5/Splunk-Dev/Can-you-help-me-count-the-values-of-two-different-fields/m-p/436652#M7863 somesoni2 2018-10-17T14:25:59Z https://community.splunk.com/t5/Splunk-Dev/Can-you-help-me-count-the-values-of-two-different-fields/m-p/436653#M7864 <P>i think <BR /> <CODE>| stats count values(host) by OS, Build</CODE><BR /> is wrong..</P> <P>try - <BR /> <CODE>index=* | stats values(host) as HostCount by OS Build</CODE></P> Wed, 17 Oct 2018 14:34:51 GMT https://community.splunk.com/t5/Splunk-Dev/Can-you-help-me-count-the-values-of-two-different-fields/m-p/436653#M7864 inventsekar 2018-10-17T14:34:51Z https://community.splunk.com/t5/Splunk-Dev/Can-you-help-me-count-the-values-of-two-different-fields/m-p/436654#M7865 <P>thanks a lot it s perfect</P> Thu, 18 Oct 2018 06:56:44 GMT https://community.splunk.com/t5/Splunk-Dev/Can-you-help-me-count-the-values-of-two-different-fields/m-p/436654#M7865 jip31 2018-10-18T06:56:44Z