Report using Splunk - Splunk Community

Reporting

I have a file which contains :
Name,age,location,SEARCH
abhay,24,kolkata,XXX
vidu,49,chennaii,YYY
ajay,34,mumbaii,XXX
puja,45,hydrabad,XXX
this,34,mumbai,ZZZ
sure,34,kolkata,YYY

Now, i want to output like :

XXX 3
YYY 2
ZZZ 1

means first field will have the KEYWORD list and second field will have the count

| inputlookup (or inputcsv) foo.csv | search SEARCH=* | eval SEARCH=lower(SEARCH) | stats count by SEARCH

@abhayneilam: Does this answer your question? If so, could you mark it as such?

I've updated with these 2 additional constraints.
By "delete if any blank line" do you mean the whole line could be blank or just the "SEARCH" column? The first case should be handled automatically; the "search SEARCH=*" should work for the latter.

and also i would like to delete if any blank line is there

if my SEARCH field is :

XXX
xXx
xxx
XXx
XxX
XXX

then, i want to count XXX as 6 in this case but here all are coming different count...

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers, We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...