Hello,
I am very new to this tool. I have Splunk set up to monitor a log file and extract JSON being written to that file into a set of events. This part is working fine. What I want to do is to inspect the value of a "results" tag that is a part of every JSON object, and to count the number of times a unique value is found.
Right now I'm working with something like this:
sourcetype=logfile.txt
| eval success=if(result="Success",1,hit)
...
...
...
| stats count(success)...
But that isn't really working for me. Any suggestions?
Thanks!