Arindam
Reputation: 53
Splunk query formulation for unique records as per specific fields
Hi I have a log file that has thousands of records with a field called correlationId.... I am trying to write a search query that will return me total count of unique records by correlationId. Can anyone give some idea about how to formulate the query.
Upvotes: 0
Views: 1822
Answers (1)
smi
Reputation: 56
if the field name is correlationId, try
index=<index>.. | stats dc(correlationId)
this will find the records with unique values of field correlationId, and count them
Upvotes: 2
Related Questions
- splunk query to extract multiple fields from single field
- Splunk : Record deduplication using an unique field
- Splunk Streamlined search for specific fields only
- Get distinct results (filtered results) of Splunk Query based on a results field/string value
- Splunk conditional distinct count
- Searching for a particular kind of field in Splunk
- Splunk queries: filter by _meta fields
- Splunk Query - Compute stats by removing duplicates and custom query
- Splunk query to filter results
- Splunk: Extracting multiple fields with the same name