I have lots of logs for client order id ( field_ name is clitag ), i have to find unique count of client order( field_ name is clitag ) received so far that day?
In principle I would use stats count or stats dc(fieldname) but I need more information about your data.
Can you post some events and give us an example of what you are trying to achieve?
I tried answering but realized it's all guesswork and probably wrong until we get a few events to look at.
It is possible it's something like
... my search earliest=@d | stats dc(client_ag)
But it's too hard to tell.
Could you provide a few events and describe the important pieces for us?
thanks for your help, i tried this and it is working fine 🙂
hi gpant,
try uses the function values()
used to have these distinct values and dc ()
to get the number of distinct values.
for more informations, follow this link:
http://docs.splunk.com/Documentation/Splunk/6.1/SearchReference/CommonStatsFunctions
hello, dc(filed_name) is working.. thank you
In principle I would use stats count or stats dc(fieldname) but I need more information about your data.
Can you post some events and give us an example of what you are trying to achieve?
i tried these, and it is working ..