Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to edit my search to add a column with total count per source?

sicspunky
New Member
‎12-22-2016 08:48 AM

Hi All,

Cracking my head trying to get this to work.
Basically i need to add another column which will be "Count". Total count of all the hits per source to the URLs. Eg: Source A hits Google 10 times and Yahoo 12 times. So the url portion will show google & yahoo + a total count of 22.
alt text

Current search as below.

table src desc ResolvedDomain  |dedup ResolvedDomain src| mvcombine ResolvedDomain|rename src as Source |rename dst as "Dst IP"| rename desc as "Description" | rename ResolvedDomain as URL

Can anyone point me in the right direction? what should i use?

Thanks
De

Preview file
1 KB
0 Karma
Reply

somesoni2
Revered Legend
‎12-22-2016 09:05 AM

Give this a try

base search| table src desc ResolvedDomain 
|stats count by src dst desc ResolvedDomain
| stats list(count) as count sum(count) as TotalCount list(ResolvedDomain) as URL by src dest desc
|rename src as Source dst as "Dst IP"  desc as "Description"
0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...