Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I get a count of entries where one value is 0 or greater than 0?

BearMormont
Path Finder
‎02-15-2018 04:51 PM

I have a Splunk Query that is returning data, similar to:

ComputerName    NumVulns
Computer1             10
Computer2              0
Computer3             27
Computer4              0
Computer5            100

And I would like to convert that output to a count of machines where NumVulns is 0 or NumVulns is greater than 0. Something like:

ComputerWithVulns - 3
ComputerWithoutVulns - 2

Ultimately I want to put this into a pie chart, but I am new to Splunk and not sure how to proceed. I've read up on eval and count but so far none of my attempts have been successful.

Thanks!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

BearMormont
Path Finder
‎02-15-2018 05:53 PM

Figured it out myself:

|stats count(eval(NumVulns==0)) AS ComputerWithVulns count(eval(NumVulns>0)) AS ComputerWithoutVulns | transpose

Thanks!

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

BearMormont
Path Finder
‎02-15-2018 05:53 PM

Figured it out myself:

|stats count(eval(NumVulns==0)) AS ComputerWithVulns count(eval(NumVulns>0)) AS ComputerWithoutVulns | transpose

Thanks!

0 Karma
Reply
Solved! Jump to solution

BearMormont
Path Finder
‎02-15-2018 05:12 PM

Figured it out myself.

|stats count(eval(NumVulns==0)) AS ComputerWithVulns count(eval(NumVulns>0)) AS ComputerWithoutVulns | transpose

Thanks!

0 Karma
Reply
Solved! Jump to solution

micahkemp
Champion
‎02-15-2018 05:17 PM

Great! You may consider converting this comment to an answer and accepting it so that others may find the answer more easily.

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...