count number of events for each client?

rhlb18 · ‎03-02-2021

Hi Splunkers,

Typically , I am looking for a SPL query to get the names of each client, total error associated with each client in it. I have used below query which returns the total number of events and total number of clients who are facing this issue. Could someone please help so that, I could further make Pie chart with it.

(index=prod-web) AND "Error looking for client=* invoicingEntityId='*'" | stats count as Total dc(cf_client) as Client

rhlb18 · ‎03-02-2021

@KailA - Thank your help. But, I am just thinking if we can count the event the number of invents and not the number of cf_client?

KailA · ‎03-02-2021

Hello 🙂

You just to do a little modification in your search :

(index=prod-web) AND "Error looking for client=* invoicingEntityId='*'" 
| stats count as Total BY cf_client

This should return the number of error by client.

Let me know if it helps you 🙂

count number of events for each client?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?

count number of events for each client?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem