Splunk Search

How to "loop" or repeat a search with all values of a field to generate a table?

Hello,

How to "loop" or repeat a search with all values of a field to generate a table and count the values? I have tried foreach and map, but I believe I'm not using the syntax correctly. Thank you!

1 Solution

Hi SrishtiPalani,
try something like this:

| inputlookup tiers.csv 
| makemv tiers
| rex field=tiers "\d\=(?<single_tiers>[^ ]*)"
| nomv tiers
| stats values(tiers) AS tiers by single_tiers

Bye.
Giuseppe


@SrishtiPalani, how many distinct APPs do you have in total? How will you get the distinct APP names (is it from the same lookup file)?

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"