Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Add an incremental number field in search output

sympatiko
Communicator
‎12-07-2014 07:25 AM

HI,

I just want to ask if it's possible to have an incremental number in my output table in splunk search? Example:

Index=a dstip="*" | top limit=20 dstip

dstip percent

1 dstip1 100
2 dstip2 99
..
..

Originally the output has no # fields. Is possible to add that in my search command?

Thanks,

Tags (2)
Reply

lguinn2
Legend
‎12-07-2014 09:21 AM

Try this

index=a dstip="*" 
| top limit=20 dstip showcount=f
| eval counter=1
| accum counter as LineNumber
| fields - counter
| table LineNumber dstip percent
Reply

sympatiko
Communicator
‎12-08-2014 01:41 AM

Hi Iguinn,

Thanks for your help. If I put the LineNumber on the on the last statement like this "table LineNumber dstip percent" no value on the LineNumber field is being displayed but when I search like this "table dstip percent LineNumber" it has a value.

Thanks you

0 Karma
Reply
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...