Splunk Search

How do you find the difference between the count of 2 keywords?

abhishekgandhe
Explorer

I have 2 keywords.
"UniSim Job received" and "UniSim Job Run completed successfully".

I want to find the difference between the count of these 2 keywords.

0 Karma
1 Solution

nagarjuna280
Communicator

try this, replace "action" with your field name

|stats count(eval(action="UniSim Job received")) as abc count(eval(action="UniSim Job Run completed successfully")) as abcd | eval diff=abc-abcd

View solution in original post

0 Karma

nagarjuna280
Communicator

try this, replace "action" with your field name

|stats count(eval(action="UniSim Job received")) as abc count(eval(action="UniSim Job Run completed successfully")) as abcd | eval diff=abc-abcd

0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

@abhishekgandhe

Can you please share some more information?? like, what are your events and what is your expected output.

Thanks

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...