Solved: How to count two file paths?

meisjen26 · ‎05-25-2015

I'm very new to spiunk so bare with me. I'm trying to count the number of events on two seperate file paths and have them display in a table in sep fields. So far, I include FullFilepath="*:\*" and I exclude the particular paths I'm not interested in... for example.... FullFilePath!="E:\*" ...therefore in my search, I return a count of all filepaths that are not E.

What I would like to do is include the count for both E: file paths and non E:..but in seperate fields. Can anyone provide an example on how to do this? or a good direction? Thanks!

woodcock · ‎05-25-2015

Like this:

... | stats count(eval(FullFilePath="E:*")) AS ECount count(eval(FullFilePath!="E:*")) AS OtherCount

View solution in original post

woodcock · ‎05-25-2015

Like this:

... | stats count(eval(FullFilePath="E:*")) AS ECount count(eval(FullFilePath!="E:*")) AS OtherCount

meisjen26 · ‎05-25-2015

thanks a lot

How to count two file paths?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

Are you a member of the Splunk Community?

How to count two file paths?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases