Solved: How to count two file paths?

meisjen26 · ‎05-25-2015

I'm very new to spiunk so bare with me. I'm trying to count the number of events on two seperate file paths and have them display in a table in sep fields. So far, I include FullFilepath="*:\*" and I exclude the particular paths I'm not interested in... for example.... FullFilePath!="E:\*" ...therefore in my search, I return a count of all filepaths that are not E.

What I would like to do is include the count for both E: file paths and non E:..but in seperate fields. Can anyone provide an example on how to do this? or a good direction? Thanks!

woodcock · ‎05-25-2015

Like this:

... | stats count(eval(FullFilePath="E:*")) AS ECount count(eval(FullFilePath!="E:*")) AS OtherCount

View solution in original post

woodcock · ‎05-25-2015

Like this:

... | stats count(eval(FullFilePath="E:*")) AS ECount count(eval(FullFilePath!="E:*")) AS OtherCount

meisjen26 · ‎05-25-2015

thanks a lot

How to count two file paths?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Monitoring AI Agents with Splunk Observability Cloud

Join the Conversation