Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I group the query?

uppukumar
Explorer
‎03-08-2019 03:50 AM

Hi all,

I am new to splunk
Following is the information:

Column1                          Column2         column3
first                            Success
first                            Incomplete
First                           Timeout

I want the above information like

Column1             successcount               Fail count
first                      1                         2

Note:Here Fail count is Incomplete and Timeout

Can any one help on this how to form a qeury to get the above output

Thanks

Tags (1)
0 Karma
Reply

renjith_nair
Legend
‎03-08-2019 05:35 AM

@uppukumar,

Try,

"your base search " 
| stats count(eval(Column2 ="Success")) as SuccessCount,count(eval(Column2 !="Success")) as FailedCount by Column1

You may change the condition for FailedCount based on your criteria

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply

vnravikumar
Champion
‎03-08-2019 05:33 AM

Hi @uppukumar

Try like

your query..| stats count(eval(Coloumn2="Success")) as "Success count" count(eval(Coloumn2="Incomplete" OR Coloumn2="Timeout")) as "Fail count" by Coloumn1
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Platform | Upgrading your Splunk Deployment to Python 3.9

Splunk initially announced the removal of Python 2 during the release of Splunk Enterprise 8.0.0, aiming to ...

From Product Design to User Insights: Boosting App Developer Identity on Splunkbase

co-authored by Yiyun Zhu & Dan Hosaka Engaging with the Community at .conf24 At .conf24, we revitalized the ...

Detect and Resolve Issues in a Kubernetes Environment

We’ve gone through common problems one can encounter in a Kubernetes environment, their impacts, and the ...