Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Custom field for numbering/naming - requires loop ?

crt89
Communicator
‎07-21-2014 01:10 AM

Hi Good day Splunkers,

I was stuck on this simple problem. I want to make a field for my numbering/naming. I believe this can be attain by EVAL command. What I was trying to do is I have to show a table that consist of 11 results. I want to make a field before to it that indicates its name/number. Like 1 for row 1, then 2 for row 2

example:

name - result

1 - 200kb

2 - 250kb

3 - 300kb

4 - 350kb

5 - 400kb

How will my search be ? I was thinking a loop with eval but don't know where to start

Thanks,

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 04:52 AM

Are you by chance looking for this?

... | streamstats count as name

View solution in original post

Reply
Solved! Jump to solution
Solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 04:52 AM

Are you by chance looking for this?

... | streamstats count as name
Reply
Solved! Jump to solution

crt89
Communicator
‎07-21-2014 07:51 PM

Oh yes didn't thought of that. Thanks again.

0 Karma
Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 07:36 PM

Are you replacing the numbers with names? If so, consider placing the mapping number->name into a lookup file to not clog your search statement with the list and to ease reuse as well as maintenance.

Reply
Solved! Jump to solution

crt89
Communicator
‎07-21-2014 07:32 PM

Thanks ! Now with this streamstats command I can change the numbers to specific values using the case command.

Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 07:17 PM

You need more karma to do that, but I can.

Reply
Solved! Jump to solution

crt89
Communicator
‎07-21-2014 07:11 PM

@martin_mueller Wow thanks, this is what I need. Now how can I make your comment as an answer.

Reply
Solved! Jump to solution

martin_mueller
SplunkTrust
SplunkTrust
‎07-21-2014 03:03 AM

I don't really understand your question, but you can do eval loops with foreach: http://docs.splunk.com/Documentation/Splunk/6.1.2/SearchReference/foreach

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...