Hi Splunkers,
Anyone can help, I need to count field Flag where value is 0.
I've tried using this command " streamstats count(Flag=0) as Results_0 | table Results_0"
But the table is blank.
Please advice.
Thanks
Do you need to get a streaming count or a total count
| streamstats sum(eval(if(Flag=0,1,0))) as Results_0
You can use streamstats where Results_0 will be a new field added to each row, or if you just want to get a single count of the total where Flag=0, use stats, not streamstats.
Do you need to get a streaming count or a total count
| streamstats sum(eval(if(Flag=0,1,0))) as Results_0
You can use streamstats where Results_0 will be a new field added to each row, or if you just want to get a single count of the total where Flag=0, use stats, not streamstats.
Thanks, it works 😁