Solved: How to search and table count for multiple fields?

vtsguerrero · ‎08-29-2014

Can anyone help me making this table?
I have the field Status, wich has events Status=1, Status=2, Status=3.
I need to count events for each and make a table for each, example

Channel | Total Status = 1 | Total Status = 2 | Total Status = 3

Channel A
Channel B
Channel C

This is my current query:

index=main sourcetype=control | stats count, values(Status) as Status by STATUS | table Channel, count

Ayn · ‎08-29-2014

index=main sourcetype=control | chart count over Channel by STATUS

?

View solution in original post

Ayn · ‎08-29-2014

index=main sourcetype=control | chart count over Channel by STATUS

?

vtsguerrero · ‎08-29-2014

Thanks a lot Ayn! Solved my problems! 😄

vtsguerrero · ‎08-29-2014

I forgot to mention that this table should also show per Channel for each line :X
What's the easiest way I can do this?

How to search and table count for multiple fields?

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!

Are you a member of the Splunk Community?

How to search and table count for multiple fields?

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!