Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Threshold stats count table

hartfoml
Motivator
‎11-19-2012 09:37 AM

I want to use stats count with several fields and am running my search every hour

I don't want to show any results unless the total count is greater than 50

I had this eventtype=foo | stats count | where count > 50

I what to do this eventtype=foo | stats count by field1 field2 field3 | where Total_Count > 50

I could use "accum" but this will most often only give me the last line and I want all lines if the total of all lines are above 50

I tried eventtype=foo | streamstats count | where count > 50 | stats count by field1 field2 field3 but this did not work

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎11-19-2012 10:19 AM

Did you try eventstats?

eventtype=foo | eventstats count|where count>50|stats count by field1 field2 field3

http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/Eventstats

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎11-19-2012 10:19 AM

Did you try eventstats?

eventtype=foo | eventstats count|where count>50|stats count by field1 field2 field3

http://docs.splunk.com/Documentation/Splunk/5.0/SearchReference/Eventstats

0 Karma
Reply
Solved! Jump to solution

hartfoml
Motivator
‎11-19-2012 12:16 PM

this worked thanks much

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Get the T-shirt to Prove You Survived Splunk University Bootcamp

As if Splunk University, in Las Vegas, in-person, with three days of bootcamps and labs weren’t enough, now ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...