There are many ways to achieve the above scenario :
1. Using “steamstats”
index=”_internal” sourcetype=splunkd
| table log_level, splunk_server
| head 4
| streamstats count | table
count,log_level,splunk_server
| count | log_level | splunk_server |
|---|---|---|
| 1 | INFO | XXXX |
| 2 | INFO | XXXX |
| 3 | INFO | XXXX |
| 4 | INFO | XXXX |
2. Using “accum”
index=”_internal” sourcetype=splunkd
| table log_level, splunk_server
| head 4
| eval Number=1
| accum Number
| table Number,log_level,splunk_server
| Number | log_level | splunk_server |
|---|---|---|
| 1 | INFO | XXXX |
| 2 | INFO | XXXX |
| 3 | INFO | XXXX |
| 4 | INFO | XXXX |
Hope this has helped you in achieving the below requirement
without fail:
How to add Serial Number in each line of your event
Happy Splunking !!
What’s your Reaction?
+1
1
+1
1
+1
4
+1
+1
1
+1
+1
interesting information. This is just the kind of information that i had been looking for, i'm already your rss reader now and i would regularly watch out for the new posts,Thanks a million once again, Regards