How do I iterate through a result set and fetch th...

Anantha123 · ‎10-16-2018

I have a query to retrieve "Item_Number " in table. The results will be as below...

..| table Item_Number

Item_Number
1234
2345
4567

Now, I want to calculate count for each of these "Item Number " .

I used below query to get the count .

|table Item_Number |  map search="search index=* $Item_Number$|stats count as cnt"

but I am getting zero results .

Please suggest how to achieve this count for each result values of "Item_Number "

Thanks in Advance.

arkadyz1 · ‎01-17-2019

Count of all instances of each value? If yes, try | stats count by Item_Number instead of table. stats generates values in such a way that you can use this search to power a table on a form/dashboard.

Vijeta · ‎10-16-2018

try using

\"$Item_Number$\" instead of $Item_Number$

Anantha123 · ‎10-16-2018

Thanks for quick reply Vijeta, but its not working. I am still getting count 0's .

Anantha123 · ‎01-17-2019

my query worked when I gave $$Item_Number$$..
your answer "\"$Item_Number$\"" also helped me when i had to use with eval ..like |eval ItemNo=\"$Item_Number$\"| ..
Thank you so much Vijeta.
Sorry for late reply.

Vijeta · ‎01-17-2019

No problem. Glad it worked!

Vijeta · ‎01-17-2019

@ananthan123 can you please accept the answer .

Vijeta · ‎10-16-2018

try using fields instead of table in main search

Anantha123 · ‎10-16-2018

Yeah Vijeta, I even tried with fields and used the syntax that you shared . But did not helped me getting the count .

How do I iterate through a result set and fetch the data for each result?

Join Us for Splunk University and Get Your Bootcamp Game On!

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

Announcing Scheduled Export GA for Dashboard Studio