Solved: How can I count lines?

LauraBre · ‎06-27-2012

hello,

This is my search:

source=tcp:5555 PURCH_DAY=06-14 PURCH_DATE=19  PURCH_MIN>44 | stats count by ID_CARDHOLDER| sort - count | where count>=5|rangemap field=count severe=10-50 elevated=3-9 default=low

My problem is that I don't able to count the number of lines that my search returns. I want to apply my rangemap on the number of lines but I don't know how I can do it because I try count(_raw) but I don't use it correctly I think.

Thx by advance,

Laura

kristian_kolb · ‎06-27-2012

... |stats sum(linecount) AS MyTotalLines | ...

/kristian

View solution in original post

kristian_kolb · ‎06-27-2012

... |stats sum(linecount) AS MyTotalLines | ...

/kristian

LauraBre · ‎06-27-2012

No, I want to count the total lines that my search returns, not indivduals raw events.

Ayn · ‎06-27-2012

Number of lines in what? Individual raw events? Have you checked the linecount property?

How can I count lines?

Splunk MCP & Agentic AI: Machine Data Without Limits

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

Join the Conversation

How can I count lines?

Splunk MCP & Agentic AI: Machine Data Without Limits

Finding Based Detections General Availability

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience