Solved: Query on stats values

p_basanth · ‎03-21-2013

| stats values(Domain), count by Short_Host gives me overall count. But i need individual count of each Domain.

| stats count by values(Domain) does not provide any results.

I am expecting the below output

Host1 --> Domain1 --> 5

--> Domain2 --> 8

--> Domain3 --> 1

Host2 --> Domain1 --> 9

--> Domain2 --> 3

--> Domain3 --> 7

Ayn · ‎03-21-2013

The by-clause expects field names, nothing else. You should take the Splunk tutorial if you haven't already, it covers things like this.

... | stats count by Short_Host,Domain

Ayn · ‎03-21-2013

The by-clause expects field names, nothing else. You should take the Splunk tutorial if you haven't already, it covers things like this.

... | stats count by Short_Host,Domain

Ayn · ‎03-21-2013

? That's exactly what you get. If you want it split up not by Short_Host AND Domain, just split by Domain.

p_basanth · ‎03-21-2013

is it not possible to get count for each values(Domain)

Query on stats values