Solved: Count occurrences of multiple fields

joxley · ‎12-13-2014

I have the following data

start_station   | end_station
_____________________________
Wimbledon       | Waterloo
Wimbledon       | Vauxhall
Vauxhall        | Wimbledon
Waterloo        | Vauxhall

I want to count how many times I visited each station and get the following output

Vauxhall   | 2
Waterloo   | 1
Wimbledon  | 3

joxley · ‎12-13-2014

One possible solution is to make a multi-value field out of the two fields then count by that

| eval stations=start_station + ";" + end_station | makemv delim=";" stations | stats count by stations

View solution in original post

tachifelix · ‎12-16-2014

try this search string: "change source name"
note:the following search don't work in splunk 6.2

  source="test32.csv" | stats count by start_station |appendcols [search source="test32.csv"|stats count as end by end_station]  | table start_station end|fillnull value=0

joxley · ‎12-13-2014

One possible solution is to make a multi-value field out of the two fields then count by that

| eval stations=start_station + ";" + end_station | makemv delim=";" stations | stats count by stations

Count occurrences of multiple fields

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life