Splunk Search

How to condense names and change to number?

darrenaefc
Engager

This is a very basic question. I have a set of data that gives me a list of groups and the names of each user in each group. instead of having the names per group I would like to have a number that represents the number of people in a group.

Eg. My table shows ID|GroupName

Under "ID" are users listed by their names EX. USER1, USER2,USER3,USER4 -- They all are a part of WindowsGRoup

I would like for it appear as ID=4 GroupName=WindowsGroup.... So when looking at the table you can see 4 users are apart of the Windows Group.

(I hope i explained that fine)

0 Karma

woodcock
Esteemed Legend

Take your existing search and add to it this:

... | stats dc(ID) AS IDcount values(ID) AS ID BY GroupName
0 Karma

darrenaefc
Engager

thank you so much!!!!!

0 Karma

woodcock
Esteemed Legend

If that solved it, be sure to come back and click Accept to close the question (and UpVote any other useful comments/answers).

0 Karma

woodcock
Esteemed Legend

@darrenaefc Come back and close the question!

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...