Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to get total number of Count?

Kirthika
Path Finder
‎05-07-2023 10:35 PM

 

Device_ID Handset_ID
1 Serial Number
1 Started
1 1420
1 1420
1 1420
1 Serial Number
1 Started
1 1420
1 Serial Number
1 Started
1 1420
1 1420
1 1420
1 Serial Number
1 Started
1 Serial Number
1 Started
2 1420
2 1420
2 Serial Number
2 Started
2 Serial Number
2 Started
2 Serial Number
2 Started
2 20
2 Serial Number
2 Started
2 Serial Number
2 Started

 

Expected Output: Count should be based on keyword "Serial Number"  followed by Handset_ID to another "Serial Number". If there is no Handset_ID between , it should skip the rows. Eg.last 4 rows

Handset_ID Total Count
1420 4
20 1
Labels (2)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎05-07-2023 11:28 PM 
| where Handset_ID == "Serial Number" OR match(Handset_ID, "\d+")
| autoregress Handset_ID
| where Handset_ID_p1 == "Serial Number" AND match(Handset_ID, "\d+")
| stats count by Handset_ID
Reply

Kirthika
Path Finder
‎05-07-2023 11:45 PM

Thanks. Its working

Tags (1)
0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎05-07-2023 10:43 PM

Hi @Kirthika,

You can try below;

| autoregress Handset_ID
| search Handset_ID_p1="Started" Handset_ID!="Serial Number"
| stats count by Handset_ID
If this reply helps you an upvote and "Accept as Solution" is appreciated.
Reply

Kirthika
Path Finder
‎05-07-2023 10:54 PM

Hi,

 

Thanks for your reply. Its working

0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...