Hello Splunk Community,
I have created a query to calculate the business date of the file which arrived to be loaded & the date/time it arrived, which outputs the following (dummy data used):
| File | Business Date | Arrival Date | Arrival Time |
| File A | 22-11-2021 | 06-12-2021 | 6.51 |
| File B | 22-11-2021 | 06-12-2021 | 6.55 |
| File B | 22-11-2021 | 06-12-2021 | 6.56 |
I want to create a new column which highlights if a file (with the same business date) arrived more than once on the same day. So for example the output would look like so:
| File | Business Date | Arrival Date | Arrival Time | Count |
| File A | 22-11-2021 | 06-12-2021 | 6.51 | 1 |
| File B | 22-11-2021 | 06-12-2021 | 6.55 | 2 |
| File B | 22-11-2021 | 06-12-2021 | 6.56 | 2 |
Can anyone help improving my query to include this new column?
Thanks,
Zoe
