Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Combining search statements

honobe
Explorer
‎08-02-2017 10:12 PM

For each subject in the search sentence, the count number is displayed.
In addition to the information currently being displayed, I want to display the attached file name for each subject.

The search sentence you are using is below.
※ Partially omitted

index=xxxxx
| lookup ~ommitted~
| stats count ~ommitted~ by subject

Can I display the attached file name by adding it to the search sentence that is counting?

-image-

Subject | Number | attached file name | Number of Mail with Attachment

AAAA | 100 | aaaa | 10
BBBB | 50 | none | 0
CCCC | 200 | cccc | 200

In the current search searches, only the subject line and number of items are displayed.
*I want to display none if there is no attached file.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

DalJeanis
Legend
‎08-03-2017 01:01 PM

try...
| eval filename=coalesce(filename, "none")
| stats count values(filename) as filename by subject

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

DalJeanis
Legend
‎08-03-2017 01:01 PM

try...
| eval filename=coalesce(filename, "none")
| stats count values(filename) as filename by subject

0 Karma
Reply
Solved! Jump to solution

honobe
Explorer
‎08-03-2017 05:57 PM

Thanks to your answer, I was able to solve the problem.

Reply
Get Updates on the Splunk Community!

AI for AppInspect

We’re excited to announce two new updates to AppInspect designed to save you time and make the app approval ...

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Overview Enterprise Security 8.3 introduces a powerful new feature called “Entity Risk Scoring” (ERS) for ...