Count occurrences of values for a field

RB5 · ‎06-10-2014

For below, I'd like to list the number of times a 'type' exists, that is, 1 PDF, 1 GIF, 2 JPG and 6 PNG. There is more to the search/data, but using something like:

| stats count by Date, DIRECTION, type

will only list '1' for each field (as if doing a distinct count). Something like:

| stats dc(type) as TYPES by Date DIRECTION, type

list '4' for each type (I assume because 4 different types).

Seems like it's probably easy, but I'm missing it.
Thanks.

Jun 7 00:50:15 lrdna0n2xepmx10 filter_instance1 rprt s=1mb0nj7xyk m=1 mod=mail cmd=attachment type=jpg
Jun 7 00:50:15 lrdna0n2xepmx10 filter_instance1 rprt s=1mb0nj7xyk m=1 mod=mail cmd=attachment type=jpg
Jun 7 00:50:15 lrdna0n2xepmx10 filter_instance1 rprt s=1mb0nj7xyk m=1 mod=mail cmd=attachment type=png
Jun 7 00:50:15 lrdna0n2xepmx10 filter_instance1 rprt s=1mb0nj7xyk m=1 mod=mail cmd=attachment type=png
Jun 7 00:50:15 lrdna0n2xepmx10 filter_instance1 rprt s=1mb0nj7xyk m=1 mod=mail cmd=attachment type=png
Jun 7 00:50:15 lrdna0n2xepmx10 filter_instance1 rprt s=1mb0nj7xyk m=1 mod=mail cmd=attachment type=png
Jun 7 00:50:15 lrdna0n2xepmx10 filter_instance1 rprt s=1mb0nj7xyk m=1 mod=mail cmd=attachment type=png
Jun 7 00:50:15 lrdna0n2xepmx10 filter_instance1 rprt s=1mb0nj7xyk m=1 mod=mail cmd=attachment type=png
Jun 7 00:50:15 lrdna0n2xepmx10 filter_instance1 rprt s=1mb0nj7xyk m=1 mod=mail cmd=attachment type=gif
Jun 7 00:50:15 lrdna0n2xepmx10 filter_instance1 rprt s=1mb0nj7xyk m=1 mod=mail cmd=attachment type=pdf

RB5 · ‎06-10-2014

I know I can do: |stats count by type
for the data I show above, but there is more to the scenario than that. I'll post the full issue in another question.

Count occurrences of values for a field

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!