Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Custom field for numbering/naming - requires loop ?

crt89
Communicator
‎07-21-2014 01:10 AM

Hi Good day Splunkers,

I was stuck on this simple problem. I want to make a field for my numbering/naming. I believe this can be attain by EVAL command. What I was trying to do is I have to show a table that consist of 11 results. I want to make a field before to it that indicates its name/number. Like 1 for row 1, then 2 for row 2

example:

name - result

1 - 200kb

2 - 250kb

3 - 300kb

4 - 350kb

5 - 400kb

How will my search be ? I was thinking a loop with eval but don't know where to start

Thanks,

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 04:52 AM

Are you by chance looking for this?

... | streamstats count as name

View solution in original post

Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 04:52 AM

Are you by chance looking for this?

... | streamstats count as name
Reply
Solved! Jump to solution

crt89
Communicator
‎07-21-2014 07:51 PM

Oh yes didn't thought of that. Thanks again.

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 07:36 PM

Are you replacing the numbers with names? If so, consider placing the mapping number->name into a lookup file to not clog your search statement with the list and to ease reuse as well as maintenance.

Reply
Solved! Jump to solution

crt89
Communicator
‎07-21-2014 07:32 PM

Thanks ! Now with this streamstats command I can change the numbers to specific values using the case command.

Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 07:17 PM

You need more karma to do that, but I can.

Reply
Solved! Jump to solution

crt89
Communicator
‎07-21-2014 07:11 PM

@martin_mueller Wow thanks, this is what I need. Now how can I make your comment as an answer.

Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 03:03 AM

I don't really understand your question, but you can do eval loops with foreach: http://docs.splunk.com/Documentation/Splunk/6.1.2/SearchReference/foreach

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...