Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Custom field for numbering/naming - requires loop ?

crt89
Communicator
‎07-21-2014 01:10 AM

Hi Good day Splunkers,

I was stuck on this simple problem. I want to make a field for my numbering/naming. I believe this can be attain by EVAL command. What I was trying to do is I have to show a table that consist of 11 results. I want to make a field before to it that indicates its name/number. Like 1 for row 1, then 2 for row 2

example:

name - result

1 - 200kb

2 - 250kb

3 - 300kb

4 - 350kb

5 - 400kb

How will my search be ? I was thinking a loop with eval but don't know where to start

Thanks,

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 04:52 AM

Are you by chance looking for this?

... | streamstats count as name

View solution in original post

Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 04:52 AM

Are you by chance looking for this?

... | streamstats count as name
Reply
Solved! Jump to solution

crt89
Communicator
‎07-21-2014 07:51 PM

Oh yes didn't thought of that. Thanks again.

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 07:36 PM

Are you replacing the numbers with names? If so, consider placing the mapping number->name into a lookup file to not clog your search statement with the list and to ease reuse as well as maintenance.

Reply
Solved! Jump to solution

crt89
Communicator
‎07-21-2014 07:32 PM

Thanks ! Now with this streamstats command I can change the numbers to specific values using the case command.

Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 07:17 PM

You need more karma to do that, but I can.

Reply
Solved! Jump to solution

crt89
Communicator
‎07-21-2014 07:11 PM

@martin_mueller Wow thanks, this is what I need. Now how can I make your comment as an answer.

Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 03:03 AM

I don't really understand your question, but you can do eval loops with foreach: http://docs.splunk.com/Documentation/Splunk/6.1.2/SearchReference/foreach

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App for Anomaly Detection End of Life Announcment

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
Top