not getting empty row value count when doing count...

satishachary199 · ‎06-14-2018

i have four filed in a csv file, where some time , one filed value coming as empty, as like below
field1 , field2, field3, field4
DBW DCAR XTY XXS
DBW DCAR XTY XXF
LG DPORT XXS
LG DPORT XTY XXF

Like ,above data when i am doing "count by field1,field2,field3,field4 " not getting the count of empty value.

Thanks in Advance

Williammbrooks · ‎06-15-2018

We can specify columns we want to calculate in two ways:
COUNT(*) will count all rows in all the columns. The result will be taken from the column that has the highest result.
COUNT(FIELD_NAME) that will calculate the row for a particular field (column).
Furthermore, we can use the COUNT function with or without the DISTINCT clause:
COUNT to count all the rows even if there are duplications of data.
COUNT( DISTINCT ...) to calculate unique rows (rows with same values will not be counted). You can visit my site for more details.

somesoni2 · ‎06-14-2018

If any of the field used in by clause of stats command is null, the whole row is dropped. What type of stats you want to do? I believe you'd need to use fillnull before stats to replace null value with some string e.g. N/A, and then do the stats so that you'd get count for all combinations.

satishachary199 · ‎06-15-2018

thank you , followed the same , got solution.

not getting empty row value count when doing count by fields.

Cultivate Your Career Growth with Fresh Splunk Training

Introducing a Smarter Way to Discover Apps on Splunkbase

How to Send Splunk Observability Alerts to Webex teams in Minutes

Are you a member of the Splunk Community?

not getting empty row value count when doing count by fields.

Cultivate Your Career Growth with Fresh Splunk Training

Introducing a Smarter Way to Discover Apps on Splunkbase

How to Send Splunk Observability Alerts to Webex teams in Minutes