Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to combine the values of same field into one

renuka
Path Finder
‎01-19-2021 02:22 AM

Hello

My question is how to combine the same values into one which are getting differentiate  by another field

Example

if I done stats by ReqId it is giving me 1 as count

 stats count(Result=Pass) as Pass  by ReqId, Feature set ,domain, test type, asil 

it gives output

ReqIDFeature setDomaintest typeasilverdictDateTotalPass conductedPassedFail
5.7.1.2.2.8 SW V&VSystem Test SW Module/Unit TestBPARTIAL PASSTue 10 Nov 2020 10:30:005330

 

if I add verified column to same search

  stats count(Result=Pass) as Pass  by ReqId, Feature set, domain, test type, asil ,verified

the output is

ReqIdFeature setDomainTest typeAsilVerifiedverdictdateTotalConductedPassed
5.7.1.2.2.8 SW V&VSystem Test SW Module/Unit TestB PARTIAL PASS 200
R: 5.7.1.2.2.8 SW V&VSystem Test SW Module/Unit TestBRC01PASSTue 10 Nov 2020 10:30:00333

  

Now even when i add verified also it should be display with single ReqId

Please help me out with is issue

 

Thank you in advance 

Renuka

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

scelikok
SplunkTrust
SplunkTrust
‎01-19-2021 05:03 AM

Hi @renuka,

So you should use values function on stats. Please try below;

| stats count(Result=Pass) as Pass values(verified) as verified by ReqId, Feature set, domain, test type, asil

 

If this reply helps you an upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

scelikok
SplunkTrust
SplunkTrust
‎01-19-2021 05:03 AM

Hi @renuka,

So you should use values function on stats. Please try below;

| stats count(Result=Pass) as Pass values(verified) as verified by ReqId, Feature set, domain, test type, asil

 

If this reply helps you an upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply
Solved! Jump to solution

scelikok
SplunkTrust
SplunkTrust
‎01-19-2021 03:34 AM

Hi @renuka,

It seems for given ReqId you have two events having different Verified field content. And this Verified field is not null that is why shows up on results. You can filter this before stats like below;

| search verified!=""
| stats count(Result=Pass) as Pass  by ReqId, Feature set, domain, test type, asil ,verified

 

If this reply helps you an upvote is appreciated.

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply
Solved! Jump to solution

renuka
Path Finder
‎01-19-2021 05:33 AM

Hello @scelikok 

 Thank you for helping me and it works

0 Karma
Reply
Solved! Jump to solution

renuka
Path Finder
‎01-19-2021 03:47 AM

Thanks for replying

But I want  to take two columns count as single column.

Like In above example I got total count as 5

when I  count by verified it giving me output 2 and 3 total count for same ReqID

 Even If I count by verified I want total count as 5 for one ReqID

I tried with |search verified!="" it just eliminating the columns which are not equal, but I want to combine two value counts of same ReqID

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...