Hi Team,
As per below output I want to know the exact count of disconnected status of each server_name by ignoring the duplicate counts.
As we are using script from splunk to ingest the server status every 5 min, once slunk triggered an alert with server is disconnected, we are manually starting and it will take 15-20 min, in between 3/4 times script will execute and ingest the server status into splunk .
in this if count the total count if disconnected state by using stats count it will include the duplicate count as well, but we need to identify the exact count.
Server_Name Status
server1.example.com disconnected
server1.example.com disconnected
server1.example.com connected
server1.example.com connected
server1.example.com connected
server1.example.com disconnected
server1.example.com disconnected
server1.example.com connected
server1.example.com connected
server1.example.com connected
server2.example.com disconnected
server2.example.com disconnected
server2.example.com disconnected
server2.example.com disconnected
server2.example.com disconnected
server2.example.com connected
server2.example.com connected
server2.example.com disconnected
server2.example.com disconnected
server2.example.com connected
server3.example.com connected
server3.example.com disconnected
server3.example.com disconnected
server3.example.com disconnected
server3.example.com connected
server3.example.com disconnected
server3.example.com disconnected
server3.example.com disconnected
server3.example.com connected
server3.example.com connected
server3.example.com disconnected
server3.example.com disconnected
server3.example.com disconnected
server3.example.com connected
as per above result we are expecting disconnected count of each server is
server1.example.com - disconnected - count=2
server2.example.com - disconnected - count=2
server3.example.com - disconnected - count=3
any logic , please suggest ...
