Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I find then number of elements in a comma delimited list?

mklunder
Explorer
‎12-13-2013 05:44 PM

Given the following log entry how would a find the number of host entries and assign it to a field?

Thanks!

FINEST|1137/0|Service KOALA-MANGOES|13-12-14 00:13:35|INFO: Available nodes: [host :htti://10.0.46.107:5555 time out : 30000, host :htti://10.0.46.103:5555 time out : 30000, host :htti://10.0.46.106:5555 time out : 30000, host :htti://10.0.49.52:5555 time out : 30000, host :htti://10.0.49.176:5555 time out : 30000, host :htti://10.0.49.53:5555 time out : 30000, host :htti://10.0.39.21:5555 time out : 30000, host :htti://10.0.39.17:5555 time out : 30000, host :htti://10.0.39.19:5555 time out : 30000, host :htti://10.0.49.51:5555 time out : 30000, host :htti://10.0.39.20:5555 time out : 30000, host :htti://10.0.33.62:5555 time out : 30000, host :htti://10.0.39.18:5555 time out : 30000, host :htti://10.0.46.105:5555 time out : 30000, host :htti://10.0.50.102:5555 time out : 30000, host :htti://10.0.46.104:5555 time out : 30000, host :htti://10.0.49.54:5555 time out : 30000]
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kristian_kolb
Ultra Champion
‎12-14-2013 02:35 AM

I would suggest that you extract the host values as a multi-valued field.

Then you can find out the number of hosts by using the mvcount() function for eval.

... | eval XXX = mvcount(servers)

http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/CommonEvalFunctions

/K

View solution in original post

Reply
Solved! Jump to solution
Solution

kristian_kolb
Ultra Champion
‎12-14-2013 02:35 AM

I would suggest that you extract the host values as a multi-valued field.

Then you can find out the number of hosts by using the mvcount() function for eval.

... | eval XXX = mvcount(servers)

http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/CommonEvalFunctions

/K

Reply
Solved! Jump to solution

mklunder
Explorer
‎12-14-2013 01:05 PM

Thanks. That did the trick. I am now trying to do it in a calculated field such as

mvcount( SPLIT(nodes, ",") )

but am getting an error on the web ui. This is tracked in another question. Thanks again.

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...