Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Custom field for numbering/naming - requires loop ?

crt89
Communicator
‎07-21-2014 01:10 AM

Hi Good day Splunkers,

I was stuck on this simple problem. I want to make a field for my numbering/naming. I believe this can be attain by EVAL command. What I was trying to do is I have to show a table that consist of 11 results. I want to make a field before to it that indicates its name/number. Like 1 for row 1, then 2 for row 2

example:

name - result

1 - 200kb

2 - 250kb

3 - 300kb

4 - 350kb

5 - 400kb

How will my search be ? I was thinking a loop with eval but don't know where to start

Thanks,

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 04:52 AM

Are you by chance looking for this?

... | streamstats count as name

View solution in original post

Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 04:52 AM

Are you by chance looking for this?

... | streamstats count as name
Reply
Solved! Jump to solution

crt89
Communicator
‎07-21-2014 07:51 PM

Oh yes didn't thought of that. Thanks again.

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 07:36 PM

Are you replacing the numbers with names? If so, consider placing the mapping number->name into a lookup file to not clog your search statement with the list and to ease reuse as well as maintenance.

Reply
Solved! Jump to solution

crt89
Communicator
‎07-21-2014 07:32 PM

Thanks ! Now with this streamstats command I can change the numbers to specific values using the case command.

Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 07:17 PM

You need more karma to do that, but I can.

Reply
Solved! Jump to solution

crt89
Communicator
‎07-21-2014 07:11 PM

@martin_mueller Wow thanks, this is what I need. Now how can I make your comment as an answer.

Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 03:03 AM

I don't really understand your question, but you can do eval loops with foreach: http://docs.splunk.com/Documentation/Splunk/6.1.2/SearchReference/foreach

0 Karma
Reply
Get Updates on the Splunk Community!

What the End of Support for Splunk Add-on Builder Means for You

Hello Splunk Community! We want to share an important update regarding the future of the Splunk Add-on Builder ...

Solve, Learn, Repeat: New Puzzle Channel Now Live

Welcome to the Splunk Puzzle PlaygroundIf you are anything like me, you love to solve problems, and what ...

Building Reliable Asset and Identity Frameworks in Splunk ES

 Accurate asset and identity resolution is the backbone of security operations. Without it, alerts are ...