Extracting the data from Table - Splunk Community

Splunk Search

Hi All,
I am new to SPLUNK and building dashboards and I have requirement to count the records from the table

No of Approved records index="XXXXX" PRODUCT=100| dedup PCN |stats count(eval(STATUS="A")) AS APPROVED
No of Cancelled records index="XXXXX" PRODUCT=100| dedup PCN |stats count(eval(STATUS="C")) AS APPROVED
No of Pending records index="XXXXX" PRODUCT=100 | stats latest(STATUS) as STATUS | where STATUS="P" --> This is not returning any results.

So, any thoughts on it ?

Thanks in advance.

1 KB

If you want to find a number of pending records then you should write

index="XXXXX" PRODUCT=100 STATUS="P" | stats dc(PCN) as "Pending"

Also if you want all the three requirements in one dashboard then you can try something like this

 index="XXXXX" PRODUCT=100 | stats dc(PCN) by STATUS

let me know if this helps!

Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now! In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...