https://community.splunk.com/t5/Splunk-Search/Is-it-possible-to-do-faceted-search-with-Splunk-similarly-to/m-p/145112#M40406 <P>I'm new to Splunk and I have been searching for a way to do faceted search, similarly to what I have been doing with Solr. BUt no success so far. Hope you can give me a hand on this.</P> <P>Imagine I have the following data sample.</P> <P>PARAMETER01 | PARAMETER02 | PARAMETER03<BR /> house | road | road<BR /> car | tree | house<BR /> road | car | car<BR /> tree | car | house</P> <P>What I want to know is how many times a search matches a specific field. For instance, I want to be able to search for "house" and get the following results:</P> <P>PARAMETER01: 1<BR /> PARAMETER02: 0<BR /> PARAMETER03: 2</P> <P>Can I do this with Splunk?<BR /> Thank you in advance.</P> Tue, 28 Jul 2015 11:26:46 GMT bemantunes 2015-07-28T11:26:46Z https://community.splunk.com/t5/Splunk-Search/Is-it-possible-to-do-faceted-search-with-Splunk-similarly-to/m-p/145112#M40406 <P>I'm new to Splunk and I have been searching for a way to do faceted search, similarly to what I have been doing with Solr. BUt no success so far. Hope you can give me a hand on this.</P> <P>Imagine I have the following data sample.</P> <P>PARAMETER01 | PARAMETER02 | PARAMETER03<BR /> house | road | road<BR /> car | tree | house<BR /> road | car | car<BR /> tree | car | house</P> <P>What I want to know is how many times a search matches a specific field. For instance, I want to be able to search for "house" and get the following results:</P> <P>PARAMETER01: 1<BR /> PARAMETER02: 0<BR /> PARAMETER03: 2</P> <P>Can I do this with Splunk?<BR /> Thank you in advance.</P> Tue, 28 Jul 2015 11:26:46 GMT https://community.splunk.com/t5/Splunk-Search/Is-it-possible-to-do-faceted-search-with-Splunk-similarly-to/m-p/145112#M40406 bemantunes 2015-07-28T11:26:46Z https://community.splunk.com/t5/Splunk-Search/Is-it-possible-to-do-faceted-search-with-Splunk-similarly-to/m-p/145113#M40407 <P>You can do it as a one-off like this:</P> <PRE><CODE> ... | stats count(eval(PARAMETER01="house")) AS PARAMETER01 count(eval(PARAMETER02="house")) AS PARAMETER02 count(eval(PARAMETER03="house")) AS PARAMETER03 </CODE></PRE> <P>But you should probably convert this to a macro which you can call like this:</P> <PRE><CODE>... | `MyMacro("house")` </CODE></PRE> Wed, 29 Jul 2015 00:43:57 GMT https://community.splunk.com/t5/Splunk-Search/Is-it-possible-to-do-faceted-search-with-Splunk-similarly-to/m-p/145113#M40407 woodcock 2015-07-29T00:43:57Z https://community.splunk.com/t5/Splunk-Search/Is-it-possible-to-do-faceted-search-with-Splunk-similarly-to/m-p/145114#M40408 <P>Thanks woodcock!</P> <P>It worked like expected. I just changed it a little bit to be able to do a more robust search:</P> <PRE><CODE>... | stats count(eval(searchmatch("PARAMETER01=*house*")) AS PARAMETER01 count(searchmatch("PARAMETER02=*house*")) AS PARAMETER02 count(searchmatch("PARAMETER03=*house*")) AS PARAMETER03 </CODE></PRE> Wed, 29 Jul 2015 09:52:21 GMT https://community.splunk.com/t5/Splunk-Search/Is-it-possible-to-do-faceted-search-with-Splunk-similarly-to/m-p/145114#M40408 bemantunes 2015-07-29T09:52:21Z https://community.splunk.com/t5/Splunk-Search/Is-it-possible-to-do-faceted-search-with-Splunk-similarly-to/m-p/145115#M40409 <P>Hi everyone,</P> <P>I found the solution provided to be very slow, especially when we have a considerable number of fields to search.</P> <P>Is there an alternative way to get the same results?<BR /> Or is there any way to optimize the Splunk dataset to improve this kind of search?</P> <P>Thanks in advance.</P> Wed, 07 Oct 2015 11:17:16 GMT https://community.splunk.com/t5/Splunk-Search/Is-it-possible-to-do-faceted-search-with-Splunk-similarly-to/m-p/145115#M40409 bemantunes 2015-10-07T11:17:16Z https://community.splunk.com/t5/Splunk-Search/Is-it-possible-to-do-faceted-search-with-Splunk-similarly-to/m-p/145116#M40410 <P>Using <CODE>stats</CODE> is the most efficient (quickest) way to do this kind of thing.</P> Wed, 07 Oct 2015 12:40:42 GMT https://community.splunk.com/t5/Splunk-Search/Is-it-possible-to-do-faceted-search-with-Splunk-similarly-to/m-p/145116#M40410 woodcock 2015-10-07T12:40:42Z