You can count the number of fields in any given Splunk event like this:
your search yielding that event | fieldsummary | stats count
See http://docs.splunk.com/Documentation/Splunk/6.0.2/SearchReference/Fieldsummary for reference.
Thanks, it's working!! I have all events with 31 fields, so I can't find which event has more or fewer fields. BTW it is a good one, appreciated, I am liking it!!
Thanks a lot!!
I have Splunk 6, lemme work on that, will get back to you soon!!
In case your last sentence meant you were looking for a field calculated for each event, you can do this:
your base search | eval fieldcount = -18 | foreach * [eval fieldcount = fieldcount + 1]
This will deduct itself and the 17 fields listed above from the total count and requires Splunk 6 to work.
Those seventeen extra fields probably are these:
date_hour
date_mday
date_minute
date_month
date_second
date_wday
date_year
date_zone
host
index
linecount
punct
source
sourcetype
splunk_server
timeendpos
timestartpos
They're added to each event by default. You could either remove them from your search pipeline using the fields command, or just subtract 17 from your result.
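The other route mentioned above, removing the default fields with the fields command before counting, written out as an added example that is not from the original posts. It starts at -1 so that fieldcount does not count itself, counts a field only when it has a value in that event, and assumes (as the thread does) that `foreach *` skips underscore-prefixed internal fields; `your base search` is the thread's placeholder.

```spl
your base search
| fields - date_hour date_mday date_minute date_month date_second date_wday date_year date_zone host index linecount punct source sourcetype splunk_server timeendpos timestartpos
| eval fieldcount = -1
| foreach * [eval fieldcount = fieldcount + if(isnotnull('<<FIELD>>'), 1, 0)]
| stats count by fieldcount
```

The final `stats` groups events by their field count, so events with more or fewer fields than the rest show up as separate rows; drop it to keep fieldcount on each event instead.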
I checked that. I have a total of 31 fields in my JSON file in each event, but after giving this the count is coming as 48; it is also picking up some extra fields from "interesting fields" which are not part of the JSON file.
The output is coming as 48, but I need "Total Number of Fields per event".