Solved: Re: Get total count of a field per host

amit2312 · ‎09-07-2022

Hi,

I am new to splunk, this might have asked and answered but didn't get the answer when i searched it. here is my query: I have a base query, which basically gets the ids field(ex : 1234,3213) from different hosts. i want to get the total number of ids per host.

data:

host : ids: price: details

xyz:123:$45:example

cds:143:$45:example

richgalloway · ‎09-07-2022

Use the stats command for that.

| stats count(ids) by host

---
If this reply helps you, Karma would be appreciated.

View solution in original post

bowesmana · ‎09-07-2022

As @richgalloway but if you want unique ids, use dc(ids)

richgalloway · ‎09-07-2022

Use the stats command for that.

| stats count(ids) by host

---
If this reply helps you, Karma would be appreciated.

amit2312 · ‎09-09-2022

Thanks a lot for your help. it worked.

How do I get total count of a field per host?

count

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!

Are you a member of the Splunk Community?

How do I get total count of a field per host?

count

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!