Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Find count of "failures" in events

navd
New Member
‎06-19-2018 06:09 PM

I am running the following query , which is returning the number of events where "failures" keyword is occuring , but how can I find how many times "failures" keyword occured in each event

index=abc "failures"|stats count by host|eventstats sum(count) as totalCount

Tags (1)
0 Karma
Reply

pruthvikrishnap
Contributor
‎06-20-2018 12:59 AM

Hey Navd,
based on the scenario this search might work.
Do let me know if this is helping you.

index=abc sourcetype=xyz "failures"| rex max_match=0 "(?P<term>failures)" 
 | eval count=mvcount(term) 
 | stats sum(count) as Total by term
0 Karma
Reply

Ayn
Legend
‎06-20-2018 12:44 AM

You can do this by extracting all occurrences of the string "failures" to a field and then count all instances of that field:

index=abc "failures" | rex max_match=0 "(?<failures>failures)" | stats count(failures)
0 Karma
Reply
Get Updates on the Splunk Community!

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

At .conf25, Splunk proudly recognized Fast Lane as the 2025 Authorized Learning Partner of the Year. This ...

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...