- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Count the number of field
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
So I have to count the number of resulted fields, it doesn't go far than this. for my search I have index=example sourcetype=example source=example, and the goal is to know how many fields are extracted from the results of this search.
Can anyone help please 😄 ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you can use fieldsummary command:
index=example sourcetype=example | fieldsummary
And count fields using:
index=example sourcetype=example | fieldsummary | table field | stats count
more about fieldsummary here:
fieldsummary - Splunk Documentation
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you can use fieldsummary command:
index=example sourcetype=example | fieldsummary
And count fields using:
index=example sourcetype=example | fieldsummary | table field | stats count
more about fieldsummary here:
fieldsummary - Splunk Documentation
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you very much it's really helpful
Enterprise Security Content Update (ESCU) | New Releases
Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?
Index This | What are the 12 Days of Splunk-mas?
