Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

count by amount of listed events of one field inside a filed

dirkbaumann
Explorer
‎05-14-2013 06:22 AM

Hi,
I want to count how often a Specific field let's call it x is inside a file.
The reason is to follow the flow.
Therefore i use the transaction function to have one file per flow.

Afterwards the file is for example like:

x=a y=yxd z=asdfa x=b x=c

I want now count how often x is in the file and when x is more then once in a file i want to see the results behind the x=

Tags (1)
0 Karma
Reply

neilamoran
Explorer
‎05-14-2013 06:38 AM 
| chart values(x) by file

...might do it.

Reply

dirkbaumann
Explorer
‎05-14-2013 11:22 PM

Thank's for that answer but this is just part of the answer after having that i want to see all the parts in detail where x is more than once in a file

stats values(x) As variable by ID| stats count(variable) As VARIABLE by ID | where VARIABLE> 1

After that I wanted to make the values(x) command to see the results but it won't show me the different x versions per ID
The question is how can I see in the results table the different x=... x=... versions

0 Karma
Reply

kristian_kolb
Ultra Champion
‎05-14-2013 06:47 AM

Just make sure that the 'file' is actually a single file, if that is your requirement. Normally, events are not really seen as part of a particular file, unless the application creating the file has some naming scheme, e.g. app_log-yyyy-mm-dd.log. That file name would then be found in the source field.

0 Karma
Reply
Get Updates on the Splunk Community!

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...

Splunk New Course Releases for a Changing World

Every day, the world feels like it’s moving faster with new technological breakthroughs, AI innovation, and ...