Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

how to Filter data from result?

Akmal57
Path Finder
‎08-27-2023 11:00 PM

We have a set of data which populate host and ip

Eg.

Host                  IP                            count

ESDBAS         10.10.10.10              1

ASFDB             192.0.0.0                   1

Query:

index=a  sourcetype=b
| stats values(ip) as IP count by host

i need the result which any hostname that contain DB should come out on another field

eg:

Host                  IP                            count      Environment

ESDBAS         10.10.10.10              1                      DB

ASFDB             192.0.0.0                   1                      DB

Please assist me on this

 

 

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎08-28-2023 12:24 AM

Hi @Akmal57,

let me understand: you want also to count the occurrences of the word "DB" in the hostnames?

If this is your requirement, you have two solutions:

you could use the rex command before the stats, somehing like this:

index=a sourcetype=b
| rex field=host "(?<Environment>DB)"
| stats values(ip) AS IP values(Environment) AS Environment count BY host

or the eval command:

index=a sourcetype=b
| eval Environment=if(match(host,"DB"),"DB","")
| stats values(ip) AS IP values(Environment) AS Environment count BY host

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎08-28-2023 12:24 AM

Hi @Akmal57,

let me understand: you want also to count the occurrences of the word "DB" in the hostnames?

If this is your requirement, you have two solutions:

you could use the rex command before the stats, somehing like this:

index=a sourcetype=b
| rex field=host "(?<Environment>DB)"
| stats values(ip) AS IP values(Environment) AS Environment count BY host

or the eval command:

index=a sourcetype=b
| eval Environment=if(match(host,"DB"),"DB","")
| stats values(ip) AS IP values(Environment) AS Environment count BY host

Ciao.

Giuseppe

Reply
Solved! Jump to solution

Akmal57
Path Finder
‎08-28-2023 07:41 PM

Hi @gcusello , 

Thank you very much for your assist.

What you understand is correct, both of your query works perfectly fine as expected.

0 Karma
Reply
Get Updates on the Splunk Community!

Cultivate Your Career Growth with Fresh Splunk Training

Growth doesn’t just happen—it’s nurtured. Like tending a garden, developing your Splunk skills takes the right ...

Introducing a Smarter Way to Discover Apps on Splunkbase

We’re excited to announce the launch of a foundational enhancement to Splunkbase: App Tiering.  Because we’ve ...

How to Send Splunk Observability Alerts to Webex teams in Minutes

As a Developer Evangelist at Splunk, my team and I are constantly tinkering with technology to explore its ...