Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

For loop on each result of a the table

giolapid911
New Member
‎11-04-2022 01:38 PM

I have query that  returns successful logins and a profile ID.

 

Then from the result of those I want to create another search for each result that shows the email address of the the profile ID.

 

First query is 

index=commerce loginSuccessful=true
| stats count by profile

giolapid911_0-1667594223270.png

 

Then I would want to do the following.

 

For each "profile"

index=commerce "profile email!="<null>" email!=null | table profile email 

 

Labels (1)
Labels
0 Karma
Reply

johnhuang
Motivator
‎11-04-2022 02:42 PM 
index=commerce ((loginSuccessful=true) OR ("profile email!="<null>" AND email!=null))
| eval login_ct=CASE(loginSuccessful="true", 1)
| stats sum(login_ct) AS login_ct BY profile email
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...