Solved: How to get total for line count then subtotal for ...

jaj · ‎12-03-2013

Hi - Very new to splunk.

I have the following query that gives me total count for a specific log:

LOGGING string:
"log msg: stuff="

from this query I can get total by matching "log msg":

source=*/logs/stdout.log classname=Log "log msg" | stats count

However, I want to get that count as well the count for "stuff" where stuff=""

How can I modify the query above to get the total count for "log msg" and total count where stuff is empty string...(as a next ask possibly display in a stacked bar chart?) But raw data is fine for now.

somesoni2 · ‎12-03-2013

Try following

source=*/logs/stdout.log classname=Log "log msg" | stats count , count(eval(stuff=""))

View solution in original post

somesoni2 · ‎12-03-2013

Try following

source=*/logs/stdout.log classname=Log "log msg" | stats count , count(eval(stuff=""))

jaj · ‎12-03-2013

awesome, thanks!

How to get total for line count then subtotal for another field in the same query?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

How to get total for line count then subtotal for another field in the same query?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...