Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do I iterate through a result set and fetch the data for each result?

Anantha123
Communicator
‎10-16-2018 07:13 AM

I have a query to retrieve "Item_Number " in table. The results will be as below...

..| table Item_Number

Item_Number
1234
2345
4567

Now, I want to calculate count for each of these "Item Number " .

I used below query to get the count . 

|table Item_Number |  map search="search index=* $Item_Number$|stats count as cnt"

but I am getting zero results .

Please suggest how to achieve this count for each result values of "Item_Number "

Thanks in Advance.

Tags (2)
0 Karma
Reply

arkadyz1
Builder
‎01-17-2019 10:54 AM

Count of all instances of each value? If yes, try | stats count by Item_Number instead of table. stats generates values in such a way that you can use this search to power a table on a form/dashboard.

0 Karma
Reply

Vijeta
Influencer
‎10-16-2018 07:52 AM

try using

\"$Item_Number$\" instead of $Item_Number$

0 Karma
Reply

Anantha123
Communicator
‎10-16-2018 08:03 AM

Thanks for quick reply Vijeta, but its not working. I am still getting count 0's .

0 Karma
Reply

Anantha123
Communicator
‎01-17-2019 10:36 AM

my query worked when I gave $$Item_Number$$..
your answer "\"$Item_Number$\"" also helped me when i had to use with eval ..like |eval ItemNo=\"$Item_Number$\"| ..
Thank you so much Vijeta.
Sorry for late reply.

0 Karma
Reply

Vijeta
Influencer
‎01-17-2019 10:37 AM

No problem. Glad it worked!

0 Karma
Reply

Vijeta
Influencer
‎01-17-2019 11:02 AM

@ananthan123 can you please accept the answer .

0 Karma
Reply

Vijeta
Influencer
‎10-16-2018 08:26 AM

try using fields instead of table in main search

0 Karma
Reply

Anantha123
Communicator
‎10-16-2018 08:59 AM

Yeah Vijeta, I even tried with fields and used the syntax that you shared . But did not helped me getting the count .

0 Karma
Reply
Get Updates on the Splunk Community!

What's New in Splunk Observability - November 2025

Feature Highlight  Analyze your dimensions and metrics with Usage Analytics  To help optimize telemetry data ...

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Hi friends!    At Splunk, your product success is our top priority. With Enterprise Security (ES), we're here ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk, and empower your SOC to reach new heights! Duration: 1 hour  Prepare to ...