Solved: How can I delete double values of the first field,...

Crooda · ‎10-20-2015

Hi there,

I hope you can help me. I use the URL Toolbox to get the domain of my proxy logs.

lookup ut_parse_extended_lookup url | table ut_domain count | sort -count | head 100

These are the search results in the following table:

ut_domain         count
google.com        1000
heise.de          500
yahoo.com         20
google.com        200
yahoo.com         100

There are about 10,000 more URLs, some of them very often.
I want a table with every unique URL, but the counts summed like:

ut_domain         count
google.com        1200
heise.de          500
yahoo.com         120

Has anyone an idea? Thank you very much.

richgalloway · ‎10-20-2015

Try this.

lookup ut_parse_extended_lookup url | stats sum(count) as Count by ut_domain | table ut_domain Count | sort -Count | head 100

---
If this reply helps you, Karma would be appreciated.

Crooda · ‎01-22-2016

it's working, thanks 🙂

woodcock · ‎10-20-2015

Like this:

.... lookup ut_parse_extended_lookup url | table ut_domain count | stats sum(count) AS count by ut_domain | sort -count | head 100

richgalloway · ‎10-20-2015

Try this.

lookup ut_parse_extended_lookup url | stats sum(count) as Count by ut_domain | table ut_domain Count | sort -Count | head 100

---
If this reply helps you, Karma would be appreciated.

How can I delete double values of the first field, but sum the second?