×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
larunrahul
Observer
Member since: ‎07-14-2024
‎07-14-2024
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎07-14-2024
Activity Feed
View All

Re: Count of multiple unique events per field

by in Splunk Search
‎07-14-2024 07:39 AM
1 Karma
‎07-14-2024 07:39 AM
1 Karma
Hi @larunrahul, You can use the rex, chart, and where commands to extract the call type, summarize the events, and filter the results, respectively: | makeresults format=csv data="_raw TXN_ID=abcd inbound call INGRESS TXN_ID=abcd inbound call EGRESS TXN_ID=efgh inbound call INGRESS" | extract | rex "inbound call (?<call_type>[^\\s]+)" | chart count over TXN_ID by call_type | where INGRESS!=EGRESS TXN_ID EGRESS INGRESS efgh 0 1 I've used the extract command to automatically extract the TXN_ID field in the example, but if your events are already indexed, Splunk will have done that for you automatically. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎07-14-2024 04:34 PM