please provide me solution on tutorial data
Client purchase details: Provide details about client purchase details 1. Total purchase split by product ID 2. Total Products split by product ID
Hi @dilip7504,
In general, you could get it by ,
your search terms | stats coun(purchase) as Total_Purchase,count(Products) as Total_Products by product_id
If this doesn't work , please provide some sample events
doesn't work
sourcetype=access_* | stats count(purchase) as Total_Purchase,count(Products) as Total_Products by product_id
this is work
sourcetype=access_* action="purchase"| stats count as product by productId
OK . Do you have any pending issues?
If you are experimenting with the tutorial data , then this might help https://www.splunk.com/en_us/resources/video.gzdGVpbzqfsrZ6zSHd2qbGhuXBhMrEME.html
