Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can you help me with my table count?

jip31
Motivator
‎09-14-2018 01:50 AM

Hello,

I use the table count below :

index="wineventlog" sourcetype="wineventlog:*" SourceName="*" Type="Critique" | dedup host  | table  _time SourceName host  | stats count by host  | sort - count limit=10 | join host [search index=windows sourcetype=winregistry key_path="\\registry\\machine\\software\\wow6432node\\x\\master\\WindowsVersion" | stats values(data) as OS by host] | table OS count

But in reality, i want not a count each time there is a new host but a global count of the OS

For example actually I have:

OS Count
W10 1
W10 1

But i need instead:

OS Count
W10 2

Could you help me please??

Tags (2)
0 Karma
Reply

jip31
Motivator
‎09-16-2018 04:19 AM

somebody for helping me please???

0 Karma
Reply

jip31
Motivator
‎09-16-2018 04:31 AM

i have modified the code a few but always the same

index="windows" sourcetype="wineventlog:Application" SourceName="*" Type="Critique" OR Type="*" | dedup host   | stats count by host   |join host [search index=windows sourcetype=winregistry key_path="\\registry\\machine\\software\\wow6432node\\x\\master\\WindowsVersion" |stats values(data) as OS by host]| table OS count| sort - count limit=10
0 Karma
Reply

jip31
Motivator
‎09-16-2018 04:38 AM

ohhh i found!!
i have done this :

index="windows" sourcetype="wineventlog:Application" SourceName="*" Type="Critique" OR Type="*" | dedup host   | stats count by host   |join host [search index=windows sourcetype=winregistry key_path="\\registry\\machine\\software\\wow6432node\\airbus\\master\\WindowsVersion" |stats values(data) as OS by host]| stats count values(host) by OS | table OS count| sort - count limit=10
0 Karma
Reply

osakachan
Communicator
‎09-14-2018 01:56 AM

The problem is you are counting by host, not by OS.

Try this
index="wineventlog" sourcetype="wineventlog:" SourceName="" Type="Critique" | dedup host | join host [search index=windows sourcetype=winregistry key_path="\registry\machine\software\wow6432node\x\master\WindowsVersion" | stats values(data) as OS by host] | stats count values(host) by OS | sort - count limit=10

0 Karma
Reply

jip31
Motivator
‎09-16-2018 12:23 AM

I have no results with this code...

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Life | Happy Pride Month!

Happy Pride Month, Splunk Community! 🌈 In the United States, as well as many countries around the ...

SplunkTrust | Where Are They Now - Michael Uschmann

The Background Five years ago, Splunk published several videos showcasing members of the SplunkTrust to share ...

Admin Your Splunk Cloud, Your Way

Join us to maximize different techniques to best tune Splunk Cloud. In this Tech Enablement, you will get ...