Solved: How can I count lines?

LauraBre · ‎06-27-2012

hello,

This is my search:

source=tcp:5555 PURCH_DAY=06-14 PURCH_DATE=19  PURCH_MIN>44 | stats count by ID_CARDHOLDER| sort - count | where count>=5|rangemap field=count severe=10-50 elevated=3-9 default=low

My problem is that I don't able to count the number of lines that my search returns. I want to apply my rangemap on the number of lines but I don't know how I can do it because I try count(_raw) but I don't use it correctly I think.

Thx by advance,

Laura

kristian_kolb · ‎06-27-2012

... |stats sum(linecount) AS MyTotalLines | ...

/kristian

View solution in original post

kristian_kolb · ‎06-27-2012

... |stats sum(linecount) AS MyTotalLines | ...

/kristian

LauraBre · ‎06-27-2012

No, I want to count the total lines that my search returns, not indivduals raw events.

Ayn · ‎06-27-2012

Number of lines in what? Individual raw events? Have you checked the linecount property?

How can I count lines?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Join the Conversation