There are many ways to achieve the above scenario :
1. Using “steamstats”
index=”_internal” sourcetype=splunkd
| table log_level, splunk_server
| head 4
| streamstats count | table
count,log_level,splunk_server
count | log_level | splunk_server |
---|---|---|
1 | INFO | XXXX |
2 | INFO | XXXX |
3 | INFO | XXXX |
4 | INFO | XXXX |
2. Using “accum”
index=”_internal” sourcetype=splunkd
| table log_level, splunk_server
| head 4
| eval Number=1
| accum Number
| table Number,log_level,splunk_server
Number | log_level | splunk_server |
---|---|---|
1 | INFO | XXXX |
2 | INFO | XXXX |
3 | INFO | XXXX |
4 | INFO | XXXX |
Hope this has helped you in achieving the below requirement
without fail:
How to add Serial Number in each line of your event
Happy Splunking !!
What’s your Reaction?
+1
1
+1
1
+1
3
+1
+1
1
+1
+1
interesting information. This is just the kind of information that i had been looking for, i'm already your rss reader now and i would regularly watch out for the new posts,Thanks a million once again, Regards