×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Thomas2
Explorer
Member since: ‎12-05-2024
‎12-06-2024
Community Statistics
Posts 4
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎12-05-2024
View All

Re: stats count returning servers more than once u...

by in Splunk Search
‎12-06-2024 10:23 AM
‎12-06-2024 10:23 AM
Yes I took out the leading *.  Thank you much  ... View more

Re: stats count returning servers more than once u...

by in Splunk Search
‎12-06-2024 10:22 AM
‎12-06-2024 10:22 AM
Yes this worked, thank you very much ... View more

Re: stats count returning servers more than once u...

by in Splunk Search
‎12-05-2024 11:53 AM
‎12-05-2024 11:53 AM
Let me give this a try.  Thank you, Giuseppe ... View more

stats count returning servers more than once using...

by in Splunk Search
‎12-05-2024 08:20 AM
‎12-05-2024 08:20 AM
Trying to get a count of servers sending logs to an index "cloud_servers", Running this command to get the count: index=cloud_servers | search host="*server_name-h-nk01-*" | dedup host | stats count The problem is, some servers it's counting twice because the server names appear with and without a fqdn depending on the type of log being sent.  So dedup doesn't work since technically it is a unique host.   Example of the same server appearing with two host names: host buffnybd1-h-nk01-555 host buffnybd1-h-nk01-555.nyny.os1.com Is there a way to count the server just using the first 20 or so digits, so it will ingore the fqdn? Thank you ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎12-06-2024 08:29 PM
Karma given to
View All