Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I get total count of a field per host?

amit2312
Engager
‎09-07-2022 01:53 PM

Hi,

I am new to splunk, this might have asked and answered but didn't get the answer when i searched it. here is my query: I have a base query, which basically gets the ids field(ex : 1234,3213) from different hosts. i want to get the total number of ids per host. 

data:

host : ids: price: details

xyz:123:$45:example 

cds:143:$45:example

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎09-07-2022 02:20 PM

Use the stats command for that.

| stats count(ids) by host

 

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution

bowesmana
SplunkTrust
SplunkTrust
‎09-07-2022 04:33 PM

As @richgalloway but if you want unique ids, use dc(ids)

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎09-07-2022 02:20 PM

Use the stats command for that.

| stats count(ids) by host

 

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

amit2312
Engager
‎09-09-2022 01:41 PM

Thanks a lot for your help. it worked.

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Transform your security operations with Splunk Enterprise Security

Hi Splunk Community, Splunk Platform has set a great foundation for your security operations. With the ...

Splunk Admins and App Developers | Earn a $35 gift card!

Splunk, in collaboration with ESG (Enterprise Strategy Group) by TechTarget, is excited to announce a ...

Enterprise Security Content Update (ESCU) | New Releases

In October, the Splunk Threat Research Team had one release of new security content via the Enterprise ...