Splunk Search

Can you help me with my table count?

jip31
Motivator

Hello,

I use the table count below :

index="wineventlog" sourcetype="wineventlog:*" SourceName="*" Type="Critique" | dedup host  | table  _time SourceName host  | stats count by host  | sort - count limit=10 | join host [search index=windows sourcetype=winregistry key_path="\\registry\\machine\\software\\wow6432node\\x\\master\\WindowsVersion" | stats values(data) as OS by host] | table OS count

But in reality, I don't want a count each time there is a new host, but a global count per OS.

For example, at the moment I have:

OS Count
W10 1
W10 1

But I need instead:

OS Count
W10 2

Could you help me, please?


jip31
Motivator

Somebody to help me, please?


jip31
Motivator

I have modified the code a bit, but it's always the same:

index="windows" sourcetype="wineventlog:Application" SourceName="*" Type="Critique" OR Type="*" | dedup host   | stats count by host   |join host [search index=windows sourcetype=winregistry key_path="\\registry\\machine\\software\\wow6432node\\x\\master\\WindowsVersion" |stats values(data) as OS by host]| table OS count| sort - count limit=10

jip31
Motivator

Ohhh, I found it!!
I have done this:

index="windows" sourcetype="wineventlog:Application" SourceName="*" Type="Critique" OR Type="*" | dedup host   | stats count by host   |join host [search index=windows sourcetype=winregistry key_path="\\registry\\machine\\software\\wow6432node\\airbus\\master\\WindowsVersion" |stats values(data) as OS by host]| stats count values(host) by OS | table OS count| sort - count limit=10

osakachan
Communicator

The problem is you are counting by host, not by OS.

Try this:

index="wineventlog" sourcetype="wineventlog:*" SourceName="*" Type="Critique" | dedup host | join host [search index=windows sourcetype=winregistry key_path="\\registry\\machine\\software\\wow6432node\\x\\master\\WindowsVersion" | stats values(data) as OS by host] | stats count values(host) by OS | sort - count limit=10

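As an added example (not from this thread), the same per-OS host count written without the subsearch join, which silently truncates once the subsearch hits its row limit; it assumes both the event-log and the registry data live in index=windows (as in the later queries above) and reuses the key_path from the question.

```spl
index=windows ((sourcetype="wineventlog:Application" Type="Critique") OR (sourcetype=winregistry key_path="\\registry\\machine\\software\\wow6432node\\x\\master\\WindowsVersion"))
| eval OS=if(sourcetype=="winregistry", data, null())
| eval critical=if(sourcetype=="winregistry", 0, 1)
| stats sum(critical) as critical_events, values(OS) as OS by host
| where critical_events > 0 AND isnotnull(OS)
| stats dc(host) as host_count, values(host) as hosts by OS
| sort - host_count
| head 10
```

The first stats merges both data sets on host in one pass, and dc(host) then gives the number of distinct hosts per OS directly, which is what dedup host | stats count by host | ... | stats count by OS was approximating.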

jip31
Motivator

I have no results with this code...
