Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I group the query?

uppukumar
Explorer
‎03-08-2019 03:50 AM

Hi all,

I am new to splunk
Following is the information:

Column1                          Column2         column3
first                            Success
first                            Incomplete
First                           Timeout

I want the above information like

Column1             successcount               Fail count
first                      1                         2

Note:Here Fail count is Incomplete and Timeout

Can any one help on this how to form a qeury to get the above output

Thanks

Tags (1)
0 Karma
Reply

renjith_nair
Legend
‎03-08-2019 05:35 AM

@uppukumar,

Try,

"your base search " 
| stats count(eval(Column2 ="Success")) as SuccessCount,count(eval(Column2 !="Success")) as FailedCount by Column1

You may change the condition for FailedCount based on your criteria

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply

vnravikumar
Champion
‎03-08-2019 05:33 AM

Hi @uppukumar

Try like

your query..| stats count(eval(Coloumn2="Success")) as "Success count" count(eval(Coloumn2="Incomplete" OR Coloumn2="Timeout")) as "Fail count" by Coloumn1
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...