Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

how to calculate multiple stats count?

desi
New Member
‎08-29-2011 03:43 PM

i have following data

playdate, adid, store, 
2011-08-23, 1 , s1
2011-08-23, 2, s2
2011-08-23, 1, s2
2011-08-25, 2, s2

i need to calculate calculate:

How many time each adid played on each playdate

and in how many stores the adid played on each playdate 

adid    playdate    #of plays on each day       #of stores play on each day
1       2011-08-23  2                               2
2       2011-08-23  1                               1
2       2011-08-25  1                               1

Here is what i tried but no data returned

search..|stats count BY adid, playdate| stats sum BY adid, playdate, store

hope i explain properly

thanks

Tags (2)
0 Karma
Reply

sideview
SplunkTrust
SplunkTrust
‎08-29-2011 04:53 PM

Assuming the 'playdate' time is getting recognized by Splunk and used as the index time, then I think this is what you're looking for: 

<search...> | bin _time span="1d" | stats dc(adid) dc(store) by adid, _time
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...