Sorry this did not help me find the solution.   ... View more

Hi Richgalloway, Thank you for the information. Need to try more of these options. I am still new to splunk. ... View more

Hi inventsekar, Thank you for your inputs. Need to try the shell script option.   ... View more

Thank you ITWhisperer for your continuous efforts to guide me. May be I will have to try with couple of any other options . ... View more

Sorry, I am not sure of sharing events from the logs. I can just tell that there is a message event as described in the previous mail which is  k45ksp: k45kspProcessControlBuff task 1 (p_id: 2). This message appears more than once in one log and I need to count how many times it appears in one log. If I use | stats count by message . It again finds how many events I have with the search term.    ... View more

This gives similar result like the previous one with one extra column with the string name.  pcb                                                              source         count k45kspProcessControlBuff                log1                  1 k45kspProcessControlBuff                log2                  1    I actually want  how many times the search term occurred throughout each log.   Thank You.     ... View more

Hi PicleRick, 1. I have one common index for all the source matching my search. 2. The search term occurs more than once in my log and I get many such logs from the index in a day. 3. I need to count how many times the search term occurs throughout my  log. I use | dedup logid so that I am not counting the same log again. Hope I have correctly answered your doubts. Plz let me know in case... Thank You.  ... View more

When I am using below search query index=* component=*  k45kspProcessControlBuff  earliest=-1d@d | stats count by source It is displaying the result something like this  source                          count log1                                 1 log2                                 1 log3                                 1   In each log/source/event the string "k45kspProcessControlBuff" is occurring more than once. I actually want to display how many times the string has occurred in each log/source/event along with the above. Thank You.   ... View more

Hi,  Even I am looking for a similar type of search. Can you share the search query if you were successful. ... View more

Thank you for your help and support..  Log here means log report. Every source has a log report. I want to count how many times this word has occurred in the log report. Should I use rex command? I am not familiar with rex command.     ... View more

Hi  I  tried this search which gives me total number of occurrences in a day .  index=* component=*  k45kspProcessControlBuff  earliest=-1d@d | stats count But I actually want to list/display/count how many times it occurred in one log  and also against the total logs in each day. Thank You.     ... View more

Hi  ITWhisperer, Thank you for the reply.  I think I need to reframe my question. I have a sentence in a log which looks something like  k45ksp: k45kspProcessControlBuff task 1 (p_id: 2). In the log, the string "k45kspProcessControlBuff" may occur more than once and there can be more 10 such logs in a day. I need to count/display how many times this string has occurred in each log in a day. Using just stats count did not work.     ... View more