Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to get total number of Count?

Kirthika
Path Finder
‎05-07-2023 10:35 PM

 

Device_ID Handset_ID
1 Serial Number
1 Started
1 1420
1 1420
1 1420
1 Serial Number
1 Started
1 1420
1 Serial Number
1 Started
1 1420
1 1420
1 1420
1 Serial Number
1 Started
1 Serial Number
1 Started
2 1420
2 1420
2 Serial Number
2 Started
2 Serial Number
2 Started
2 Serial Number
2 Started
2 20
2 Serial Number
2 Started
2 Serial Number
2 Started

 

Expected Output: Count should be based on keyword "Serial Number"  followed by Handset_ID to another "Serial Number". If there is no Handset_ID between , it should skip the rows. Eg.last 4 rows

Handset_ID Total Count
1420 4
20 1
Labels (2)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎05-07-2023 11:28 PM 
| where Handset_ID == "Serial Number" OR match(Handset_ID, "\d+")
| autoregress Handset_ID
| where Handset_ID_p1 == "Serial Number" AND match(Handset_ID, "\d+")
| stats count by Handset_ID
Reply

Kirthika
Path Finder
‎05-07-2023 11:45 PM

Thanks. Its working

Tags (1)
0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎05-07-2023 10:43 PM

Hi @Kirthika,

You can try below;

| autoregress Handset_ID
| search Handset_ID_p1="Started" Handset_ID!="Serial Number"
| stats count by Handset_ID
If this reply helps you an upvote and "Accept as Solution" is appreciated.
Reply

Kirthika
Path Finder
‎05-07-2023 10:54 PM

Hi,

 

Thanks for your reply. Its working

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...