Re: Report using Splunk - Splunk Community

Reporting

I have a file which contains :
Name,age,location,SEARCH
abhay,24,kolkata,XXX
vidu,49,chennaii,YYY
ajay,34,mumbaii,XXX
puja,45,hydrabad,XXX
this,34,mumbai,ZZZ
sure,34,kolkata,YYY

Now, i want to output like :

XXX 3
YYY 2
ZZZ 1

means first field will have the KEYWORD list and second field will have the count

| inputlookup (or inputcsv) foo.csv | search SEARCH=* | eval SEARCH=lower(SEARCH) | stats count by SEARCH

@abhayneilam: Does this answer your question? If so, could you mark it as such?

I've updated with these 2 additional constraints.
By "delete if any blank line" do you mean the whole line could be blank or just the "SEARCH" column? The first case should be handled automatically; the "search SEARCH=*" should work for the latter.

and also i would like to delete if any blank line is there

if my SEARCH field is :

XXX
xXx
xxx
XXx
XxX
XXX

then, i want to count XXX as 6 in this case but here all are coming different count...

Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience, ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...