Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Custom field for numbering/naming - requires loop ?

crt89
Communicator
‎07-21-2014 01:10 AM

Hi Good day Splunkers,

I was stuck on this simple problem. I want to make a field for my numbering/naming. I believe this can be attain by EVAL command. What I was trying to do is I have to show a table that consist of 11 results. I want to make a field before to it that indicates its name/number. Like 1 for row 1, then 2 for row 2

example:

name - result

1 - 200kb

2 - 250kb

3 - 300kb

4 - 350kb

5 - 400kb

How will my search be ? I was thinking a loop with eval but don't know where to start

Thanks,

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 04:52 AM

Are you by chance looking for this?

... | streamstats count as name

View solution in original post

Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 04:52 AM

Are you by chance looking for this?

... | streamstats count as name
Reply
Solved! Jump to solution

crt89
Communicator
‎07-21-2014 07:51 PM

Oh yes didn't thought of that. Thanks again.

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 07:36 PM

Are you replacing the numbers with names? If so, consider placing the mapping number->name into a lookup file to not clog your search statement with the list and to ease reuse as well as maintenance.

Reply
Solved! Jump to solution

crt89
Communicator
‎07-21-2014 07:32 PM

Thanks ! Now with this streamstats command I can change the numbers to specific values using the case command.

Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 07:17 PM

You need more karma to do that, but I can.

Reply
Solved! Jump to solution

crt89
Communicator
‎07-21-2014 07:11 PM

@martin_mueller Wow thanks, this is what I need. Now how can I make your comment as an answer.

Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 03:03 AM

I don't really understand your question, but you can do eval loops with foreach: http://docs.splunk.com/Documentation/Splunk/6.1.2/SearchReference/foreach

0 Karma
Reply
Get Updates on the Splunk Community!

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

 Clayton Homes faced the increased challenge of strengthening their security posture as they went through ...

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

We’re happy to announce the release of Mission Control 2.3 which includes several new and exciting features ...

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

Python 2.7, the last release of Python 2, reached End of Life back on January 1, 2020. As part of our larger ...