Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I iterate through a result set and fetch the data for each result?

Anantha123
Communicator
‎10-16-2018 07:13 AM

I have a query to retrieve "Item_Number " in table. The results will be as below...

..| table Item_Number

Item_Number
1234
2345
4567

Now, I want to calculate count for each of these "Item Number " .

I used below query to get the count . 

|table Item_Number |  map search="search index=* $Item_Number$|stats count as cnt"

but I am getting zero results .

Please suggest how to achieve this count for each result values of "Item_Number "

Thanks in Advance.

Tags (2)
0 Karma
Reply

arkadyz1
Builder
‎01-17-2019 10:54 AM

Count of all instances of each value? If yes, try | stats count by Item_Number instead of table. stats generates values in such a way that you can use this search to power a table on a form/dashboard.

0 Karma
Reply

Vijeta
Influencer
‎10-16-2018 07:52 AM

try using

\"$Item_Number$\" instead of $Item_Number$

0 Karma
Reply

Anantha123
Communicator
‎10-16-2018 08:03 AM

Thanks for quick reply Vijeta, but its not working. I am still getting count 0's .

0 Karma
Reply

Anantha123
Communicator
‎01-17-2019 10:36 AM

my query worked when I gave $$Item_Number$$..
your answer "\"$Item_Number$\"" also helped me when i had to use with eval ..like |eval ItemNo=\"$Item_Number$\"| ..
Thank you so much Vijeta.
Sorry for late reply.

0 Karma
Reply

Vijeta
Influencer
‎01-17-2019 10:37 AM

No problem. Glad it worked!

0 Karma
Reply

Vijeta
Influencer
‎01-17-2019 11:02 AM

@ananthan123 can you please accept the answer .

0 Karma
Reply

Vijeta
Influencer
‎10-16-2018 08:26 AM

try using fields instead of table in main search

0 Karma
Reply

Anantha123
Communicator
‎10-16-2018 08:59 AM

Yeah Vijeta, I even tried with fields and used the syntax that you shared . But did not helped me getting the count .

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...