I have 2 kinds of events - X and Y
and I want to see how many times X+Y happens at the same time and how many times each one of them happens alone.
How can I do it?
This is the flow:
Do you think it will be possible to run something like this as a single Splunk query, and more so will it be efficient to have nested queries and loops in the same command?
This is the flow I want:
If your events are in indexes X and Y, you could run something like this:
index=X OR index=Y | stats count BY index | addcoltotals labelfield=index label="Total"
If your events are in the same index, find a field to divide them (e.g. sourcetype or something else) and use it in the stats count command.
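An added example (not from the answer above) that extends the same stats-based approach to the co-occurrence count the question asks for. It assumes the events live in indexes X and Y and that "at the same time" means within the same one-minute bucket; both the index names and the span=1m are assumptions to adjust.

```spl
index=X OR index=Y
| bin _time span=1m
| stats count(eval(index="X")) AS x_count, count(eval(index="Y")) AS y_count BY _time
| eval combo=case(x_count>0 AND y_count>0, "X+Y", x_count>0, "X alone", true(), "Y alone")
| stats count AS buckets BY combo
| addcoltotals labelfield=combo label="Total"
```

The result counts time buckets rather than raw events, so a bucket with several X and Y events counts once as "X+Y"; change the span to whatever window you consider simultaneous.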