Extracting the data from Table - Splunk Community

Splunk Search

Hi All,
I am new to SPLUNK and building dashboards and I have requirement to count the records from the table

No of Approved records index="XXXXX" PRODUCT=100| dedup PCN |stats count(eval(STATUS="A")) AS APPROVED
No of Cancelled records index="XXXXX" PRODUCT=100| dedup PCN |stats count(eval(STATUS="C")) AS APPROVED
No of Pending records index="XXXXX" PRODUCT=100 | stats latest(STATUS) as STATUS | where STATUS="P" --> This is not returning any results.

So, any thoughts on it ?

Thanks in advance.

6 KB

If you want to find a number of pending records then you should write

index="XXXXX" PRODUCT=100 STATUS="P" | stats dc(PCN) as "Pending"

Also if you want all the three requirements in one dashboard then you can try something like this

 index="XXXXX" PRODUCT=100 | stats dc(PCN) by STATUS

let me know if this helps!

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers, So you searched, “what is the name of the usb key inserted by bob smith?” Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register Is your ...