Solved: want 0 count if keyword does not match

abhayneilam · ‎10-29-2012

index="usb_weekly_data" |rex field="src_file_name" (?(?i)"presentation") | stats count as First by key_word

above query returns me :

presentation 47

but if I change the keyword to "halla" then it is not matching in the "src_field_name" field, then it should give me 0 as an output like :

halla 0

Please help me to get this type of 0 output for non-matching keywords !!

Please help me this time, I have been searching for the solution , but didnt get yet !!

Your help would be highly appreciated !!

Thanks in Advance

sdaniels · ‎10-29-2012

This previous answer may help so that you can represent no results found as a 0:

http://splunk-base.splunk.com/answers/59589/no-results-found-to-be-represented-as-null-or-0

View solution in original post

sdaniels · ‎10-29-2012

This previous answer may help so that you can represent no results found as a 0:

http://splunk-base.splunk.com/answers/59589/no-results-found-to-be-represented-as-null-or-0

abhayneilam · ‎10-29-2012

Many Many thanks sdaniels for this , this really helped me a lot, I appreciate your help for this and hope to get same assistance in future also. Once again very very thanks 🙂

want 0 count if keyword does not match

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life