Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Passing a count to a token used for a label in Single

jdbtee
Path Finder
‎09-19-2014 05:50 AM

Hi

I have a single which shows the total assets after a search.

I then want to add a token so that i can use the result of that search to add it a label, to show value /$value$

so: index="123" | search field="abc " AS foo | count(foo) AS $tkn_bar$ | [search index="456" | search field2="def" AS new | count(new) AS new | fields new

So the single would show: new

Then in the label it would be: / $tot_bar$ which would really be "/ foo.count"

So the final single would display: new / foo.count

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎09-19-2014 04:31 PM

Try this

 index="456" | search field2="def" AS new | count(new) AS new | appendcols [search index="123" | search field="abc " AS foo | count(foo) as temp]  | eval final=new."/".temp | fields final

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎09-19-2014 04:31 PM

Try this

 index="456" | search field2="def" AS new | count(new) AS new | appendcols [search index="123" | search field="abc " AS foo | count(foo) as temp]  | eval final=new."/".temp | fields final
Reply
Solved! Jump to solution

jdbtee
Path Finder
‎10-06-2014 02:06 AM

Perfect cheers

0 Karma
Reply
Get Updates on the Splunk Community!

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...