not getting empty row value count when doing count...

satishachary199 · ‎06-14-2018

i have four filed in a csv file, where some time , one filed value coming as empty, as like below
field1 , field2, field3, field4
DBW DCAR XTY XXS
DBW DCAR XTY XXF
LG DPORT XXS
LG DPORT XTY XXF

Like ,above data when i am doing "count by field1,field2,field3,field4 " not getting the count of empty value.

Thanks in Advance

Williammbrooks · ‎06-15-2018

We can specify columns we want to calculate in two ways:
COUNT(*) will count all rows in all the columns. The result will be taken from the column that has the highest result.
COUNT(FIELD_NAME) that will calculate the row for a particular field (column).
Furthermore, we can use the COUNT function with or without the DISTINCT clause:
COUNT to count all the rows even if there are duplications of data.
COUNT( DISTINCT ...) to calculate unique rows (rows with same values will not be counted). You can visit my site for more details.

somesoni2 · ‎06-14-2018

If any of the field used in by clause of stats command is null, the whole row is dropped. What type of stats you want to do? I believe you'd need to use fillnull before stats to replace null value with some string e.g. N/A, and then do the stats so that you'd get count for all combinations.

satishachary199 · ‎06-15-2018

thank you , followed the same , got solution.

not getting empty row value count when doing count by fields.

Splunk Answers Content Calendar, June Edition

What You Read The Most: Splunk Lantern’s Most Popular Articles!

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Are you a member of the Splunk Community?

not getting empty row value count when doing count by fields.

Splunk Answers Content Calendar, June Edition

What You Read The Most: Splunk Lantern’s Most Popular Articles!

See your relevant APM services, dashboards, and alerts in one place with the updated ...