×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
fward92
Engager
Member since: ‎10-08-2020
‎10-08-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎10-08-2020
Activity Feed
View All

Re: Count Single Occurrence Based On Value

by SplunkTrust in Splunk Search
‎10-08-2020 11:33 PM
‎10-08-2020 11:33 PM
Hi @fward92, I haven't your data so I cannot test your conditions, but anyway, you can apply the approch of this sample: index=_internal | stats values(source) AS source dc(source) AS dc_source BY user | eval status=if(dc_source=1 OR match(source,"scripted"),"OK","NOK") In few words: if you have only one value you take it, if you have more values you takes the ones that match a word, then you can exclude the "NOK". Ciao. Giuseppe ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎10-08-2020 04:27 PM
Karma given to
View All