Report using Splunk - Splunk Community

Reporting

I have a file which contains :
Name,age,location,SEARCH
abhay,24,kolkata,XXX
vidu,49,chennaii,YYY
ajay,34,mumbaii,XXX
puja,45,hydrabad,XXX
this,34,mumbai,ZZZ
sure,34,kolkata,YYY

Now, i want to output like :

XXX 3
YYY 2
ZZZ 1

means first field will have the KEYWORD list and second field will have the count

| inputlookup (or inputcsv) foo.csv | search SEARCH=* | eval SEARCH=lower(SEARCH) | stats count by SEARCH

@abhayneilam: Does this answer your question? If so, could you mark it as such?

I've updated with these 2 additional constraints.
By "delete if any blank line" do you mean the whole line could be blank or just the "SEARCH" column? The first case should be handled automatically; the "search SEARCH=*" should work for the latter.

and also i would like to delete if any blank line is there

if my SEARCH field is :

XXX
xXx
xxx
XXx
XxX
XXX

then, i want to count XXX as 6 in this case but here all are coming different count...

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious! We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...