Re: How to convert tabular data to distinct count

VijaySrrie · ‎03-04-2021

How to convert tabular data to distinct count

Hi,

I have a splunk query

| stats count by operation (under field operation we have activate and deactivate count)

How to convert it to distinct count (instead of tabular format I want only the count to be displayed)

VijaySrrie · ‎03-04-2021

It is not working, I should get the result as 2

ITWhisperer · ‎03-04-2021

| stats dc(operation) as count

Is that what you mean?

VijaySrrie · ‎03-04-2021

yes, this query gave me count as 1, I want the count of activate to be displayed. Better I will create the field extraction for activate and use the below query

| stats dc(activate) as count

ITWhisperer · ‎03-04-2021

| where operation="activate"
| stats count by operation

VijaySrrie · ‎03-04-2021

User wanted only the numerical value to be displayed, so I used above query

| search operation="activate"
| stats count by operation
| table count

How to convert tabular data to distinct count

count

stats

Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!

Join Us at the Builder Bar at .conf24 – Empowering Innovation and Collaboration

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users