Re: How to convert tabular data to distinct count

VijaySrrie · ‎03-04-2021

How to convert tabular data to distinct count

Hi,

I have a splunk query

| stats count by operation (under field operation we have activate and deactivate count)

How to convert it to distinct count (instead of tabular format I want only the count to be displayed)

VijaySrrie · ‎03-04-2021

It is not working, I should get the result as 2

ITWhisperer · ‎03-04-2021

| stats dc(operation) as count

Is that what you mean?

VijaySrrie · ‎03-04-2021

yes, this query gave me count as 1, I want the count of activate to be displayed. Better I will create the field extraction for activate and use the below query

| stats dc(activate) as count

ITWhisperer · ‎03-04-2021

| where operation="activate"
| stats count by operation

VijaySrrie · ‎03-04-2021

User wanted only the numerical value to be displayed, so I used above query

| search operation="activate"
| stats count by operation
| table count

How to convert tabular data to distinct count

count

stats

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!