https://community.splunk.com/t5/Splunk-Search/Count-Issues/m-p/436622#M124422 <P>try use the <CODE>stats</CODE> command, understand the attributes and the <CODE>by</CODE> clause. and also work on your arguments of the <CODE>bin</CODE> / <CODE>bucket</CODE> commands<BR /> read here:<BR /> <A href="https://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/Bin">https://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/Bin</A></P> <PRE><CODE>index=x sourcetype=x host=* | bucket _time span=1day | stats count by host _time </CODE></PRE> <P>hope it helps</P> Wed, 01 May 2019 23:25:26 GMT adonio 2019-05-01T23:25:26Z https://community.splunk.com/t5/Splunk-Search/Count-Issues/m-p/436621#M124421 <P>I'm trying to count all my data by each day of the week each time a host is hit. <BR /> EX: machine a has a script run once Monday, and Tuesday and three times on Wednesday. I just wanna track how many times a week it's hit per week. I know I can bucket _time but can't get the count function to properly display the info. </P> <P>index=x sourcetype=x host=*<BR /> | bucket _time span=day<BR /> | count by host by day</P> <P>Any help would be much appreciated</P> Wed, 01 May 2019 21:37:17 GMT https://community.splunk.com/t5/Splunk-Search/Count-Issues/m-p/436621#M124421 garrettpelak5 2019-05-01T21:37:17Z https://community.splunk.com/t5/Splunk-Search/Count-Issues/m-p/436622#M124422 <P>try use the <CODE>stats</CODE> command, understand the attributes and the <CODE>by</CODE> clause. and also work on your arguments of the <CODE>bin</CODE> / <CODE>bucket</CODE> commands<BR /> read here:<BR /> <A href="https://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/Bin">https://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/Bin</A></P> <PRE><CODE>index=x sourcetype=x host=* | bucket _time span=1day | stats count by host _time </CODE></PRE> <P>hope it helps</P> Wed, 01 May 2019 23:25:26 GMT https://community.splunk.com/t5/Splunk-Search/Count-Issues/m-p/436622#M124422 adonio 2019-05-01T23:25:26Z