https://community.splunk.com/t5/Splunk-Search/Can-you-help-me-with-my-table-count/m-p/381998#M111671 <P>The problem is you are counting by host, not by OS.</P> <P>Try this<BR /> index="wineventlog" sourcetype="wineventlog:" SourceName="" Type="Critique" | dedup host | join host [search index=windows sourcetype=winregistry key_path="\registry\machine\software\wow6432node\x\master\WindowsVersion" | stats values(data) as OS by host] | stats count values(host) by OS | sort - count limit=10 </P> Fri, 14 Sep 2018 08:56:49 GMT osakachan 2018-09-14T08:56:49Z https://community.splunk.com/t5/Splunk-Search/Can-you-help-me-with-my-table-count/m-p/381997#M111670 <P>Hello,</P> <P>I use the table count below :</P> <PRE><CODE>index="wineventlog" sourcetype="wineventlog:*" SourceName="*" Type="Critique" | dedup host | table _time SourceName host | stats count by host | sort - count limit=10 | join host [search index=windows sourcetype=winregistry key_path="\\registry\\machine\\software\\wow6432node\\x\\master\\WindowsVersion" | stats values(data) as OS by host] | table OS count </CODE></PRE> <P>But in reality, i want not a count each time there is a new host but a global count of the OS</P> <P>For example actually I have:</P> <P>OS Count<BR /> W10 1<BR /> W10 1</P> <P>But i need instead:</P> <P>OS Count<BR /> W10 2</P> <P>Could you help me please??</P> Fri, 14 Sep 2018 08:50:28 GMT https://community.splunk.com/t5/Splunk-Search/Can-you-help-me-with-my-table-count/m-p/381997#M111670 jip31 2018-09-14T08:50:28Z https://community.splunk.com/t5/Splunk-Search/Can-you-help-me-with-my-table-count/m-p/381998#M111671 <P>The problem is you are counting by host, not by OS.</P> <P>Try this<BR /> index="wineventlog" sourcetype="wineventlog:" SourceName="" Type="Critique" | dedup host | join host [search index=windows sourcetype=winregistry key_path="\registry\machine\software\wow6432node\x\master\WindowsVersion" | stats values(data) as OS by host] | stats count values(host) by OS | sort - count limit=10 </P> Fri, 14 Sep 2018 08:56:49 GMT https://community.splunk.com/t5/Splunk-Search/Can-you-help-me-with-my-table-count/m-p/381998#M111671 osakachan 2018-09-14T08:56:49Z https://community.splunk.com/t5/Splunk-Search/Can-you-help-me-with-my-table-count/m-p/381999#M111672 <P>I have no results with this code...</P> Sun, 16 Sep 2018 07:23:37 GMT https://community.splunk.com/t5/Splunk-Search/Can-you-help-me-with-my-table-count/m-p/381999#M111672 jip31 2018-09-16T07:23:37Z https://community.splunk.com/t5/Splunk-Search/Can-you-help-me-with-my-table-count/m-p/382000#M111673 <P>somebody for helping me please???</P> Sun, 16 Sep 2018 11:19:05 GMT https://community.splunk.com/t5/Splunk-Search/Can-you-help-me-with-my-table-count/m-p/382000#M111673 jip31 2018-09-16T11:19:05Z https://community.splunk.com/t5/Splunk-Search/Can-you-help-me-with-my-table-count/m-p/382001#M111674 <P>i have modified the code a few but always the same</P> <PRE><CODE>index="windows" sourcetype="wineventlog:Application" SourceName="*" Type="Critique" OR Type="*" | dedup host | stats count by host |join host [search index=windows sourcetype=winregistry key_path="\\registry\\machine\\software\\wow6432node\\x\\master\\WindowsVersion" |stats values(data) as OS by host]| table OS count| sort - count limit=10 </CODE></PRE> Sun, 16 Sep 2018 11:31:39 GMT https://community.splunk.com/t5/Splunk-Search/Can-you-help-me-with-my-table-count/m-p/382001#M111674 jip31 2018-09-16T11:31:39Z https://community.splunk.com/t5/Splunk-Search/Can-you-help-me-with-my-table-count/m-p/382002#M111675 <P>ohhh i found!!<BR /> i have done this :</P> <PRE><CODE>index="windows" sourcetype="wineventlog:Application" SourceName="*" Type="Critique" OR Type="*" | dedup host | stats count by host |join host [search index=windows sourcetype=winregistry key_path="\\registry\\machine\\software\\wow6432node\\airbus\\master\\WindowsVersion" |stats values(data) as OS by host]| stats count values(host) by OS | table OS count| sort - count limit=10 </CODE></PRE> Sun, 16 Sep 2018 11:38:10 GMT https://community.splunk.com/t5/Splunk-Search/Can-you-help-me-with-my-table-count/m-p/382002#M111675 jip31 2018-09-16T11:38:10Z