Re: How to compare 5 different fields and get the ...

aaa2324 · ‎05-04-2021

Hi Team,

I would like to compare below 5 different columns and get one more column as a count.

category code text country org

abc 100 Adv US 12

abc 100 Agh Eu 13

Column count should have have the number of times of occurrence of the below, say first 2 entries are occurring 2 time so it should display the output as

category code text country org Count

abc 100 Adv US 12 2

kindly help with the query to achieve this.

kamlesh_vaghela · ‎05-04-2021

@aaa2324

try this.

YOUR_SEARCh | stats count by category code  text  country  org

Sample:

| makeresults | eval _raw="category	code	text	country	org
abc	100	Adv	US	12
abc	100	Adv	US	12
abc	100	Agh	Eu	13
abc	100	Agh	Eu	13"
| multikv forceheader=1
| table category code  text  country  org
| stats count by category code  text  country  org

aaa2324 · ‎05-04-2021

Thanks but this is giving me the results as count below.

abc 100 Adv US 1

but I want the result to have count as 2 since it is occurring twice.

kindly advise

kamlesh_vaghela · ‎05-04-2021

It's giving 2 as count. can you please share your sample search ?

How to compare 5 different fields and get the count of their occurrence

stats

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life