I have a bunch of log entries that all come from the same host as far as Splunk is concerned, but contain the name of the host in log entry. Long term I might want to look into associating these entries with the host, but for the time being I would just like get the count of these entries per host as describe in the log entry.
So for example, if 'foo' brings up all the entries. And each entry contains something like 'arf=baz1' or 'arf=baz2', how do I get how many of the results are for baz1, how many are for baz2, etc?
... View more