×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
mawani
Engager
Member since: ‎11-15-2021
‎11-15-2021
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎11-15-2021
Activity Feed
View All

Re: Search in single table with multiple stats

by in Splunk Search
‎11-15-2021 04:30 PM
‎11-15-2021 04:30 PM
Thank You for very quick response and it is working ... View more

Search in single table with multiple stats

by in Splunk Search
‎11-15-2021 01:21 PM
‎11-15-2021 01:21 PM
Hello, I am having logs in splunk in below manner. timestamp "LOGGER= PAGE NAME1 Other text" timestamp "LOGGER= PAGE NAME1 Other text" timestamp "LOGGER= PAGE NAME2 Other text" timestamp "LOGGER= PAGE NAME2 Other text" timestamp "LOGGER= PAGE NAME3 Other text" timestamp "LOGGER= PAGE NAME3 Other text" timestamp "LOGGER= PAGE NAME1 Other text" I formatted search query index=index-name ns="namespace" | rex field=_raw "LOGGER=\s*(?<PAGE_NAME1>PAGE NAME1*)" | stats count by PAGE_NAME1 | append [search index=index-name ns="namespace" | rex field=_raw "LOGGER=\s*(?<PAGE_NAME2>PAGE NAME2*)" | stats count by PAGE_NAME2 ] | append [search index=index-name ns="namespace" | rex field=_raw "LOGGER=\s*(?<PAGE_NAME3>PAGE NAME3*)" | stats count by PAGE_NAME3 ] Got result like PAGE_NAME1 Count PAGE_NAME2 PAGE_NAME3 PAGE NAME1 3       2 PAGE NAME2     2   PAGE NAME3 I am looking result should look below Page Name Pages Visited PAGE_NAME1 3 PAGE_NAME3 2 PAGE_NAME3 2 Any idea how to format search query ? ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎11-15-2021 07:51 PM