Solved: How do I add the count of string values in each ro...

477450 · ‎08-19-2015

Hi guys,

If I want to add the total values from each row, I can use the command | addtotal and this is only used to add numeric values, but if I want to add the number of string values from each row, which command can I use....? I want my output to be like this.

host   field1   field2   field2   Total
h1    abc     efg      ghi     3
h2   jkl      mno               2
h3             pqr              1

Thanks in advance

477450 · ‎08-20-2015

The exact answer is this

base search |eval count=if(field1!=" ",1,0) |eval count=count+if(field2!=" ",1,0)|eval count=count+if(field3!=" ",1,0)|eval count=count+if(field4!=" ",1,0)|table host field1 field2 field3 field4 count

View solution in original post

477450 · ‎08-20-2015

The exact answer is this

base search |eval count=if(field1!=" ",1,0) |eval count=count+if(field2!=" ",1,0)|eval count=count+if(field3!=" ",1,0)|eval count=count+if(field4!=" ",1,0)|table host field1 field2 field3 field4 count

somesoni2 · ‎08-19-2015

Try something like this

YOur current search giving example output (without Total) | untable host metric value | appendpipe [| stats dc(value) as value by host | eval metric="Total" ] | chart values(*) over host by metric | table host * Total

477450 · ‎08-20-2015

Thanks buddy ..but this is adding each character of the string, i want the total of all the fields values in a single row.

somesoni2 · ‎08-20-2015

My bad, was using the wrong column in the appendpipe. Just updated. See if that works.

How do I add the count of string values in each row?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor