Solved: Re: stats count

splunk_novice99 · ‎10-25-2023

Hello again splunk experts

This is my current situation:-

job_no field4
131 string1
string2

132 string3
string4

|table job_no, field2, field4|dedup, job_no, field2
|stats count dc(field4) AS dc_field4 by job_no
|eval calc=dc_field4 * count

produces:-

job_no field2 dc_field4 calc

131	6	2	12
132	6	2	12

This all works fine. The problem is that I also want to include the strings (string1,string2,string3,string4) in my table.

Like this:-

job_no field4 field2 dc_field4 calc

131	string1, string2	6	2	12
132	string3, string4	6	2	12

Any help would be greatly appreciated,

richgalloway · ‎10-25-2023

Tell the stats command you want the values of field4.

|fields job_no, field2, field4
|dedup job_no, field2
|stats count, dc(field4) AS dc_field4, values(field4) as field4 by job_no
|eval calc=dc_field4 * count

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎10-25-2023

Tell the stats command you want the values of field4.

|fields job_no, field2, field4
|dedup job_no, field2
|stats count, dc(field4) AS dc_field4, values(field4) as field4 by job_no
|eval calc=dc_field4 * count

---
If this reply helps you, Karma would be appreciated.

splunk_novice99 · ‎10-25-2023

Perfect! exactly what I was after.

Many thanks.

stats count

stats

Introducing the Splunk Community Dashboard Challenge!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...