Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splitting stats count results into 2 sepereate Columns

nic28
New Member
‎10-11-2017 11:46 PM

hi can someone please help me with this, ive been trying and searching but no luck. i want to split the "Delivered" field into 2 and stats count on each field.
ideally i want it to look like the below, so there will be the total count and then what makes up the total count should be split

Count| True| False
100 80 20

my search | mcType=delivery Dir=Inbound Sender="*" | chart sparkline count by "Sender" | sort count desc

hope it makes sense

Tags (1)
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎10-12-2017 03:19 AM

Hi nic28,
you should share more information about your request.
Anyway you should try something like this

your_search
| stats count by Delivered
| addcoltotals labelfield=Delivered label=Total
| transpose header_field=Delivered
| fields - column

Bye.
Giuseppe

0 Karma
Reply

nic28
New Member
‎10-12-2017 05:56 AM

hi cusello , so that didn't do exactly what I wanted for this search, however that will be handy for another I need to do. this was actually a simple fix to my original search I just included "Delivered"
|chart sparkline count by "Sender", Delivered |and it gave me what I wanted. sorry for the half info, still new to this. thanks again

0 Karma
Reply

harsmarvania57
Ultra Champion
‎10-12-2017 03:13 AM

Hi @nic28,

Please try below query

my search | mcType=delivery Dir=Inbound Sender="*" | eval Deli_yes=if(Delivered="True", 1, 0 ) | eval Deli_no=if(Delivered="False", 1, 0) | stats count AS TotalCount, sum(Deli_yes) AS True, sum(Deli_no) AS False by Sender

I hope this helps.

Thanks,
Harshil

0 Karma
Reply

nic28
New Member
‎10-11-2017 11:51 PM

think I forgot to give more info. so im looking at all mails coming in from a particular sender. but some mails get delivered and others don't. so the true is delivered and false not. the count just gives the total amount obviously.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...