Archive

Query for eventcount

Contributor

I have a lookup file with indexes in it, I want a query i need the eventcount of the indexes mentioned in the lookup table for 24 hrs

Tags (1)
0 Karma

SplunkTrust
SplunkTrust

This should get you going in the right direction.

| tstats count where [|inputlookup indexes.csv | fields index | format] by index
---
If this reply helps you, an upvote would be appreciated.
0 Karma

0 Karma
State of Splunk Careers

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!