Solved: Re: increment count in a field based on field valu...

jiaqya · ‎08-27-2020

Need help with a situation.

Example table below:

column1,column2,column3,_time

1,2,3,21st

1,2,3,22nd

1,2,3,23rd

3,2,1,23rd

4,5,6,23rd

if on multiple days/times, column1 ,2 and 3 are same(4th column is _time ) , then add a new field(count) with incrementing numbers by _time , like below. how can this be done ? need help with query..

column1,column2,column3,_time,count

1,2,3,21st,1

1,2,3,22nd,2

1,2,3,23rd,3

3,2,1,23rd,1

4,5,6,23rd,1

thambisetty · ‎08-27-2020

| bin _time span=1d
| stats count by column1,column2,column3_time

| streamstats count by column1,column2,column3

————————————
If this helps, give a like below.

View solution in original post

jiaqya · ‎09-02-2020

Works perfectly fine, thank you...

thambisetty · ‎08-27-2020

| bin _time span=1d
| stats count by column1,column2,column3_time

| streamstats count by column1,column2,column3

————————————
If this helps, give a like below.

increment count in a field based on field values..

field extraction

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation