Solved: Group field value and count rather than overall co...

emamedov · ‎01-11-2016

eventtype="product-view"|stats count list(productname) as Products by username firmname

The above is the search string that I'm using and I receive the following results:

Instead of listing an overall count of products, I would like to have a count for each individual product. Not sure how to edit the current string or add a nested stats string to accomplish the said task.

somesoni2 · ‎01-11-2016

Try this

eventtype="product-view"|stats count by username firmname,productname | stats list(*) as * by username firmname

View solution in original post

somesoni2 · ‎01-11-2016

Try this

eventtype="product-view"|stats count by username firmname,productname | stats list(*) as * by username firmname

emamedov · ‎01-11-2016

That did the trick! Thank you very much!

sundareshr · ‎01-11-2016

Try this..

eventtype="product-view"|stats count by productname

emamedov · ‎01-11-2016

That doesn't specifically display the username and firmname though. Please see below:

http://imgur.com/UiTNvK5

Group field value and count rather than overall count

Introducing Splunk Enterprise 9.2

Adoption of RUM and APM at Splunk

Routing logs with Splunk OTel Collector for Kubernetes