Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to add a new column with serial number based on the uniqueness of the existing column?

spkriyaz
Path Finder
‎06-04-2020 07:23 AM

I have a column called "message" which has duplicate records in it. I want to create a new column named "serial" beside it to have a serial no. for the message.

For example:

If the first and second-row message columns are the same then the new column "serial" should have 1 and 1 in it. If not identical then it should have the serial number as 1 and 2, and continue the serial no. for other records based on the message column uniqueness.

Example:

alt text

Since my first two records has same value in message as arran I had the value as 1 for it wherever it appears in the table. If you see the message "flex" appears in different row but I consider the serial number as 2 wherever it appears.

Labels (1)
Labels
Preview file
3 KB
0 Karma
Reply

rnowitzki
Builder
‎06-04-2020 09:47 AM

Streamstats if your friend. This should do it:

| streamstats count as id
| sort message
| streamstats dc(message) as "serial"
| sort id
| fields - id

You could remove the first streamstats command, sort id and fields - id if the original order does not matter.
Use sort 0 id if you expect to have more than 10.000 rows.

--
Karma and/or Solution tagging appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Passionate about security automation? Apply now to our AI Playbook Authoring Alpha private preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...