Report using Splunk - Splunk Community

Reporting

I have a file which contains :
Name,age,location,SEARCH
abhay,24,kolkata,XXX
vidu,49,chennaii,YYY
ajay,34,mumbaii,XXX
puja,45,hydrabad,XXX
this,34,mumbai,ZZZ
sure,34,kolkata,YYY

Now, i want to output like :

XXX 3
YYY 2
ZZZ 1

means first field will have the KEYWORD list and second field will have the count

| inputlookup (or inputcsv) foo.csv | search SEARCH=* | eval SEARCH=lower(SEARCH) | stats count by SEARCH

@abhayneilam: Does this answer your question? If so, could you mark it as such?

I've updated with these 2 additional constraints.
By "delete if any blank line" do you mean the whole line could be blank or just the "SEARCH" column? The first case should be handled automatically; the "search SEARCH=*" should work for the latter.

and also i would like to delete if any blank line is there

if my SEARCH field is :

XXX
xXx
xxx
XXx
XxX
XXX

then, i want to count XXX as 6 in this case but here all are coming different count...

Get Updates on the Splunk Community!

The OpenTelemetry Certified Associate (OTCA) Exam

What’s this OTCA exam? The Linux Foundation offers the OpenTelemetry Certified Associate (OTCA) credential to ...

From Manual to Agentic: Level Up Your SOC at Cisco Live

Welcome to the Era of the Agentic SOC Are you tired of being a manual alert responder? The security ...

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

Welcome back to Splunk Classroom Chronicles, our ongoing series where we shine a light on what really happens ...