Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to count the same values over different fields together?

RonWonkers
Path Finder
‎06-19-2024 07:31 AM

Lets say we have the following data set:

 

Fruit_ID Fruit_1 Fruit_2

1 Apple NULL

2 Apple NULL

3 Apple NULL

4 Orange NULL

5 Orange NULL

6 Orange NULL

7 Apple Orange

8 Apple Orange

9 Apple Orange

10 Apple Orange

 

Now I am trying to count the total amount of every fruit, in the above example it should be 7 apples and 7 oranges, the problem is that these fruits are seperated in 2 different columns because a fruit name can be both an apple AND an orange, how do I deal with this when counting the total amount of fruit?

Counting one at a time works:

| stats count by Fruit_1

But how do I count both to give a total number since they are 2 seperate columns

I tried combining both columns so its all in 1 long list of values in 1 column but I could not get a definitive answer on how to do this. I tried appending results so first count Fruit_1, then append count Fruit_2 but I did not get the right result of Apple: 7 Orange: 7. Its either 1 or the other.

Does anybody have a fix for how to count over multiple fields like this and combine the result together in 1 field?

Labels (6)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-19-2024 10:27 AM 
| eval fruit=mvappend(fruit1,if(fruit2!="NULL",fruit2,null()))
| stats count by fruit

View solution in original post

Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-19-2024 10:27 AM 
| eval fruit=mvappend(fruit1,if(fruit2!="NULL",fruit2,null()))
| stats count by fruit
Reply
Solved! Jump to solution

RonWonkers
Path Finder
‎06-19-2024 10:31 AM

Thank you! Just like that it works and only in 1 line 🙂

0 Karma
Reply
Solved! Jump to solution

RonWonkers
Path Finder
‎06-19-2024 10:04 AM

A little update:

I now got to a point where I have the following situation:

Fruit_1 count Fruit_2 count

Apple 5 null null

Orange 10 null null

Pear 5 Apple 5

Melon 10 Orange 10
How do I get it so that the amount of apples and oranges from column Fruit_1 and Fruit_2 are combined into 1 big fruit list and 1 count list?

So the result should be:

Fruit Count

Apple 10

Orange 20

Pear 5

Melon 5
0 Karma
Reply
Solved! Jump to solution

RonWonkers
Path Finder
‎06-19-2024 07:34 AM

For context: this question is regarding use cases/user stories for Splunk.

A use case can be linked to multiple user stories, and I want to count the amount of total user stories.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...