Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to count all events in a metric index?

robertlynch2020
Motivator
‎05-13-2022 08:39 AM

Hi

I have a metric index that has multiple metric coming into it.

I know i can run a command like this, but i have over 20 different types of metrics and they might change over time. I know i cant run count(*) as you have to specify.

 

 

| mstats count("mx.process.cpu.utilization") as count WHERE "index"="murex_metrics" span=10s | stats count

 

 

 

Then I tried, however, if the data is the same it will only give you a unique not a correct count. 

 

 

| mpreview index=murex_metrics | stats count

 

 

 

So is there any command that will give me the stats count of a metric index quickly?

 

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Siddharth
Path Finder
‎05-17-2022 07:53 PM

Use this | mstats count(_value) as total where metric_name = "*"  AND  Index = metric_index span=you_want 


To understand what is count(_value) will do please read this 

Syntax: count(_value) | <function>(_value) [AS <string>] WHERE metric_name=<metric_name>Description: Specify a basic count of the _value field or a function on the _value field. The _value field uses a specific format to store the numeric value of the metric. You can specify one or more functions. Y


https://docs.splunk.com/Documentation/Splunk/8.2.6/SearchReference/Mstats check the last line of this page they have given the example of what you are looking for

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

Siddharth
Path Finder
‎05-17-2022 07:53 PM

Use this | mstats count(_value) as total where metric_name = "*"  AND  Index = metric_index span=you_want 


To understand what is count(_value) will do please read this 

Syntax: count(_value) | <function>(_value) [AS <string>] WHERE metric_name=<metric_name>Description: Specify a basic count of the _value field or a function on the _value field. The _value field uses a specific format to store the numeric value of the metric. You can specify one or more functions. Y


https://docs.splunk.com/Documentation/Splunk/8.2.6/SearchReference/Mstats check the last line of this page they have given the example of what you are looking for

0 Karma
Reply
Solved! Jump to solution

robertlynch2020
Motivator
‎05-19-2022 07:45 AM

Hi

That worked

| mstats count(_value) as total where metric_name = "*" AND index = murex_metrics

Cheers

 

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...