Splunk Search

Count number of diefferent field values

schufi01
Path Finder

Hi,

My events contain a field  named "fruit" that distinguishes, what kind of fruit the event is about. I would like to sum up, how many different fruits have been in the events of the last 15 minutes.

Imagine those are the field values of 5 different events:

 

1. Banana, 2. Apple, 3.Banana, 4. Banana, 5. Strawberry

 

My aim is now to display the Number "3 " in a Panel, because the events contained 3 different kinds of fruits. Can anybody help me, how I could do that?

Labels (2)
0 Karma
1 Solution

rnowitzki
Builder

Hi  @schufi01 ,

Try this:

| stats dc(fruit) as fruitcount


Field "fruitcount" will contain the distinct count of values in the field fruit.

BR
Ralph 

--
Karma and/or Solution tagging appreciated.

View solution in original post

rnowitzki
Builder

Hi  @schufi01 ,

Try this:

| stats dc(fruit) as fruitcount


Field "fruitcount" will contain the distinct count of values in the field fruit.

BR
Ralph 

--
Karma and/or Solution tagging appreciated.

View solution in original post