This seems like it should be simple, but I'm new to Splunk and can't figure it out. I have one field dc(Name) that corresponds with another field that has multiple values.
For example:
Name: Values:
PC1 Value1, Value2, Value3
PC2 Value1, Value2, Value4
PC3 Value1, Value2
I need to get a count of the total number of distinct "Values" for distinct "Names". So, the sum of 3 values for PC1, 3 for PC2, 2 for PC3 etc...Keep i mind this comes from a daily DB input so the events will duplicate after every import. I looked into a few different commands but they don't seem to be working for this task.
Thanks for any help.
Like this:
... | stats values(Values) AS Values by Name | eval numValues=mvcount(Values)
Like this:
... | stats values(Values) AS Values by Name | eval numValues=mvcount(Values)
Thanks! That seemed to do the trick.
Do not forget to close the question by accepting the answer.
Is the field Values a multivalued field OR it's a single string with multiple values separated by comma? What is your current search?