Solved: implement excel countif function in Splunk

Chandras11 · ‎04-19-2018

Hi All,

Following is my source table (pelase consider the first 2 fields:- Value and Root_Value only):-

I want to find the count of values based on root values and store it a new field Count_Root_Values.The output should look like this

In excel, there is formulla for it :- =IF(COUNTIF(B$2:B2; B2)=1;COUNTIF(B:B; B2);TEXT(;)) .
In Splunk, I am trying to use the eval to generate the new field and stats count(Value) by ROOT_Value to find the number. But I really missing the iterative process to fin the count only once.

FrankVl · ‎04-19-2018

Try:
| stats count as Count_Root_values by ROOT_value

If you want to keep the original data as well, you could try eventstats instead of stats. But that will not give you the exact result from your example, as it will put the count on each row. Why exactly is that a problem?

View solution in original post

FrankVl · ‎04-19-2018

Try:
| stats count as Count_Root_values by ROOT_value

If you want to keep the original data as well, you could try eventstats instead of stats. But that will not give you the exact result from your example, as it will put the count on each row. Why exactly is that a problem?

implement excel countif function in Splunk

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!