topic How to make a search for some analytics with SPL? in Getting Data In https://community.splunk.com/t5/Getting-Data-In/How-to-make-a-search-for-some-analytics-with-SPL/m-p/656201#M111146 <P>Hi,</P><P>I need some analytics result in Splunk but i couldn't achieve. Here what i need.</P><P>1) Which EventIDs is repeated in which hostnames? I need this count based. EventID, Hostname and Count</P><P>2) Which EventIDs is used in which alerts (correleation searches and saved searches)? EventID, Alert Name</P><P>3) Which EventIDs triggered which alerts? EventID, Alert Name and count</P> Thu, 31 Aug 2023 07:05:49 GMT 10061987 2023-08-31T07:05:49Z How to make a search for some analytics with SPL? https://community.splunk.com/t5/Getting-Data-In/How-to-make-a-search-for-some-analytics-with-SPL/m-p/656201#M111146 <P>Hi,</P><P>I need some analytics result in Splunk but i couldn't achieve. Here what i need.</P><P>1) Which EventIDs is repeated in which hostnames? I need this count based. EventID, Hostname and Count</P><P>2) Which EventIDs is used in which alerts (correleation searches and saved searches)? EventID, Alert Name</P><P>3) Which EventIDs triggered which alerts? EventID, Alert Name and count</P> Thu, 31 Aug 2023 07:05:49 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-make-a-search-for-some-analytics-with-SPL/m-p/656201#M111146 10061987 2023-08-31T07:05:49Z Re: How to make a search for some analytics with SPL? https://community.splunk.com/t5/Getting-Data-In/How-to-make-a-search-for-some-analytics-with-SPL/m-p/656203#M111147 <P>I found 1. item with this search.</P><P>index=wineventlog<BR />| stats count by EventCode, host<BR />| where count &gt; 1<BR />| sort -count<BR />| table EventCode, host, count</P><P>&nbsp;</P><P>I need 2 and 3rd items</P> Thu, 31 Aug 2023 07:17:16 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-make-a-search-for-some-analytics-with-SPL/m-p/656203#M111147 10061987 2023-08-31T07:17:16Z Re: How to make a search for some analytics with SPL? https://community.splunk.com/t5/Getting-Data-In/How-to-make-a-search-for-some-analytics-with-SPL/m-p/656206#M111148 <P>I tried below search for 2nd question but didn't work.</P><P>P.S: In my environment we parsed EventID as EventCode</P><P>| rest /services/saved/searches<BR />| search is_scheduled=1 OR alert_type=1<BR />| table title, actions<BR />| mvexpand actions<BR />| rex field=actions ".*EventCode=(?&lt;EventCode&gt;\d+).*"<BR />| stats count by EventCode, title</P><P>&nbsp;</P><P>Please help me..</P> Thu, 31 Aug 2023 07:32:52 GMT https://community.splunk.com/t5/Getting-Data-In/How-to-make-a-search-for-some-analytics-with-SPL/m-p/656206#M111148 10061987 2023-08-31T07:32:52Z