Tobitor
Reputation: 1508
Splunk: count by Id
I did a query in Splunk which looks like this:
source="/log/ABCDE/cABCDEFGH/ABCDE.log" doSomeTasks
I now want to count the entries in the logfile by Id (Id is an extracted field). But I only want to count every Id once and not every time when doSomeTasks is executed. How could I do this?
Upvotes: 0
Views: 837
Answers (1)
RichG
Reputation: 9936
To count unique instances of field values, use the distinct_count or dc function.
source="/log/ABCDE/cABCDEFGH/ABCDE.log" doSomeTasks
| stats dc(Id) as IdCount
Upvotes: 2
Related Questions
- Extracting a count from raw splunk data by id
- Splunk: Get a count of all occurrences of a string?
- Count and sum in splunk
- Splunk conditional distinct count
- Sum of count with Splunk
- How to count the total number of events in a splunk search result?
- Splunk - counting numeric information in events
- How to count specific value occurrences in the same field?
- How to count results in Splunk and put them in a table?
- Splunk Query Count of Count