Splunk Search

How to concatenate events from multiple hosts as single host?

sekhar463
Path Finder

Hi All,

We have events from different hosts with the same name. Is there any search query to add them into a single host field?

Please suggest.

 

dallvcrfix1p 1913
dallvcrfix1p.ops.invesco.net 20
   
0 Karma

sekhar463
Path Finder

index=indexname addtotals row=f col=t labelfield=host sum(host)

No results; I am trying this.

0 Karma

Siddharth
Path Finder

 

Can you send me the query? How did you get this result?

 

dallvcrfix1p 1913
dallvcrfix1p.ops.invesco.net 20
  
0 Karma

sekhar463
Path Finder

I'm using the query index=ivz_unix_linux_events |stats count by host

and in the events we have hostnames with 2 hostnames, so I want to add the count of both for a single field.

allhebsms1p 6434
dallhebsms1p.ops.invesco.net 41
dallvcrfix1p 1688
dallvcrfix1p.ops.invesco.net 82
dallvcrfix2p 2027
dallvcrfix2p.ops.invesco.net 20
fanlvairw1d 2773
fanlvairw1d.ops.invesco.net
0 Karma

martinpu
Communicator

|rex field=host "(?<host>[^\.]+)"
|stats count by host

Should do the trick. 

0 Karma
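
An added example (not part of any post in this thread) that models in Python what the rex above does to the host field before the stats step, and where it goes wrong. It works on already-aggregated host/count rows rather than raw events; the `normalize_host` variant, the mixed-case row and the IP row are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Same pattern as the rex in the post; Python spells the named group (?P<host>...).
REX = re.compile(r"(?P<host>[^\.]+)")
IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def rex_host(host):
    """What the rex in the post keeps: the first run of non-dot characters."""
    m = REX.search(host)
    return m.group("host") if m else host

def normalize_host(host):
    """Stricter variant (assumption, not from the thread):
    leave IPv4 literals alone and lowercase the short name."""
    host = host.strip()
    if IPV4.match(host):
        return host
    return rex_host(host).lower()

def count_by_host(rows, key):
    """Sum the per-host counts after rewriting host with `key`."""
    totals = Counter()
    for host, count in rows:
        totals[key(host)] += count
    return dict(totals)

# First four rows use hostnames and counts quoted in the thread;
# the last two rows are constructed edge cases.
ROWS = [
    ("dallvcrfix1p", 1688),
    ("dallvcrfix1p.ops.invesco.net", 82),
    ("dallvcrfix2p", 2027),
    ("dallvcrfix2p.ops.invesco.net", 20),
    ("DALLVCRFIX2P.ops.invesco.net", 3),  # constructed: mixed-case FQDN
    ("10.20.30.40", 5),                   # constructed: host field holding an IP
]

if __name__ == "__main__":
    print(count_by_host(ROWS, rex_host))        # plain rex: IP collapses to "10"
    print(count_by_host(ROWS, normalize_host))  # IP kept, case folded
```

With the plain pattern, a host value that is an IPv4 address is cut down to its first octet, so unrelated hosts on the same network would be counted together.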

sekhar463
Path Finder


While trying with the above query, I am still getting hostnames that are not merged into one.

0 Karma

sekhar463
Path Finder

Thanks for this

What will this regex do?

index=index name  |rex field=host "(?<host>[^\.]+)"
|stats count by host |dedup host 

I am using this search.

As shown below, two hostnames are showing for a single host. Due to DNS resolution we are getting it like this in Splunk. How can we solve this problem so that it is a single hostname?

What is the workaround to concatenate both as a single hostname?

dallvcrfix2p2027
dallvcrfix2p.ops.invesco.net20
0 Karma

Siddharth
Path Finder

If you just want the total, use this after your query:

addtotals row=f col=t labelfield=host sum(field_you_want_count)

0 Karma