Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Help with a simple search: How do I count how many days match a certain criteria? (example below)

dritjon
Path Finder
‎10-27-2022 01:49 AM

I have this search which builds a table

my_search | timechart span=1d sum(eval(b/1024/1024/1024)) AS volume_b

it will build a table like this:

24 October18
25 October10
26 October25
27 October30

 

Now, from this search I want to do a simple count: how many days have a volume>15

for the table above it would just show count: 3

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-27-2022 01:59 AM

Hi @dritjon,

you have to add a condition and stats count to your search:

my_search 
| timechart span=1d sum(eval(b/1024/1024/1024)) AS volume_b
| where volume_b>15
| stats count

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎10-27-2022 01:59 AM

Hi @dritjon,

you have to add a condition and stats count to your search:

my_search 
| timechart span=1d sum(eval(b/1024/1024/1024)) AS volume_b
| where volume_b>15
| stats count

Ciao.

Giuseppe

Reply
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out >> As our brave ...