Splunk Search

How do I iterate through a result set and fetch the data for each result?

Anantha123
Communicator

I have a query to retrieve "Item_Number " in table. The results will be as below...

..| table Item_Number 

Item_Number
1234
2345
4567

Now, I want to calculate count for each of these "Item Number " .

I used below query to get the count .

|table Item_Number |  map search="search index=* $Item_Number$|stats count as cnt" 

but I am getting zero results .

Please suggest how to achieve this count for each result values of "Item_Number "

Thanks in Advance.

Tags (2)
0 Karma

arkadyz1
Builder

Count of all instances of each value? If yes, try | stats count by Item_Number instead of table. stats generates values in such a way that you can use this search to power a table on a form/dashboard.

0 Karma

Vijeta
Influencer

try using

\"$Item_Number$\" instead of $Item_Number$

0 Karma

Anantha123
Communicator

Thanks for quick reply Vijeta, but its not working. I am still getting count 0's .

0 Karma

Anantha123
Communicator

my query worked when I gave $$Item_Number$$..
your answer "\"$Item_Number$\"" also helped me when i had to use with eval ..like |eval ItemNo=\"$Item_Number$\"| ..
Thank you so much Vijeta.
Sorry for late reply.

0 Karma

Vijeta
Influencer

No problem. Glad it worked!

0 Karma

Vijeta
Influencer

@ananthan123 can you please accept the answer .

0 Karma

Vijeta
Influencer

try using fields instead of table in main search

0 Karma

Anantha123
Communicator

Yeah Vijeta, I even tried with fields and used the syntax that you shared . But did not helped me getting the count .

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...