Activity Feed
- Posted Re: Cisco eStreamer eNcore Add-on for Splunk does not properly parse the field URL on All Apps and Add-ons. 05-27-2021 02:47 PM
- Karma Re: Simple XML - Encountering the error - EntityRef: expecting ';' for martin_mueller. 06-05-2020 12:47 AM
- Karma Re: Calculating with the result of stats count. for bmacias84. 06-05-2020 12:46 AM
- Karma Re: Use lookup table to specify hosts to search for Ayn. 06-05-2020 12:46 AM
- Posted Re: Unable to configure SecKit for geolocation with Maxmind on All Apps and Add-ons. 04-08-2020 03:37 PM
- Posted How to count the number of times a certain value appears per field? on Splunk Search. 04-26-2016 07:33 PM
- Tagged How to count the number of times a certain value appears per field? on Splunk Search. 04-26-2016 07:33 PM
- Tagged How to count the number of times a certain value appears per field? on Splunk Search. 04-26-2016 07:33 PM
- Tagged How to count the number of times a certain value appears per field? on Splunk Search. 04-26-2016 07:33 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 |
05-27-2021
02:47 PM
I modified cisco:estreamer:data : FIELDALIAS-estreamer_url and added url=url. It only had uri=url. I don't know why url didn't automatically extract but now |table url works. Splunk 8.x TA-eStreamer 4.6.0 Hope that helps.
... View more
04-08-2020
03:37 PM
I'm having the same issue. SH is v 7.1.1
... View more
04-26-2016
07:33 PM
I'm new to Splunk - be kind...
I can produce a table where I can get:
Field1 Field2 Field3 Field4.... Computer
true false true false 192.168.1.1
false true true false 192.168.1.2
etc.
What I'm trying to do is get just the count of 'true' per field, e.g.:
Field1: 1
Field2: 1
Field3: 2
Field4: 0
I've tried:
query | stats count(eval(match(Field1,true))) as F1, count(eval(match(Field2,"true"))) as F2, etc.
All Fields return Zero (0)
query | stats count(eval(match(Field1,true))) as F1, count(eval(match(Field2,"true"))) as F2, etc. by Computer.
All Fields return Zero (0)
query |stats count(eval(Field1=true)) as F1, count(eval(Field2=true) as F2, etc.
Still, nada - zero(0)s.
query |stats count(if(Field1=true)) as F1....
What am I missing? I've spent hours trying to figure this out.
Cheers, -T
... View more
