In splunk addition of two same column from 2 indexes - splunk-query

I have 2 indexes with one field (A) in common in both.
Now I want the count of that same field (A) from both indexers in one panel, e.g.:
indexer 1 = total event count of A = 30
indexer 2 = total event count of A = 20
Now in a panel I want to show the total count of A as 50.

Try the following:
(index=ndxA OR index=ndxB) fieldA=*
| stats count(fieldA) as countA

Related

How do I aggregate data in sql for multiple rows of data by column name?

Hi, I'm new to SQL and trying to understand how to work with data structures. I have a table
fact.userinteraction
interactionuserkey visitdatecode
0 20220404
1 20220404
5 20220402
5 20220128
If the interactionuserkey number repeats, then I want a column called number of visits. In this case, for interactionuserkey 5, there are 2 total visits since it's repeated twice. For interactionuserkey 0, number of visits = 1, and so on. Basically, sum duplicates in column 1 and give the total count AS number of visits. How do I do this?
In SQL, it's resolved using basic aggregation:
select interactionuserkey, count(*)
from your_table
group by interactionuserkey

Know the hidden row in LIMIT sql lite query

I am trying to analyse a SQLite database and I use this data for a bar chart. I will count and take the average of age grouped by each value in each column, in this case Class, with a limit of only the first 100 distinct values.
An example of this table:
Age Class
25 Worker
30 Student
48 Spy
I use LIMIT 100 to limit the result. To add more information for the user, I want to let the user know the number of values that were not taken into account and the hidden rows. Is there any way to achieve this?
Simple solution: I am not very familiar with SQL, so I thought of doing two queries, with and without LIMIT, counting the number of rows and subtracting one from the other to find the answer. But because I have 42 columns, I would be very happy if I could have another solution.
If you want all but the first 100 rows, you can combine LIMIT with OFFSET.
select * from test01 LIMIT 1000000 OFFSET 100;
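An added example (not part of the original question or answer) that reports what LIMIT hid from a single grouped query: a `COUNT(*) OVER ()` window counts the groups before LIMIT is applied, and a scalar subquery supplies the total row count. It assumes SQLite 3.25 or later for window functions; the table name test01 comes from the answer above, and the rows are constructed sample data.

```python
import sqlite3

# One query returns the visible groups plus the totals needed to derive
# how many groups and rows the LIMIT left out.
QUERY = """
SELECT Class,
       COUNT(*)                      AS n,
       AVG(Age)                      AS avg_age,
       COUNT(*) OVER ()              AS total_groups,  -- groups before LIMIT
       (SELECT COUNT(*) FROM test01) AS total_rows     -- rows before grouping
FROM test01
GROUP BY Class
ORDER BY n DESC, Class
LIMIT ?
"""


def summarize(conn, limit):
    """Return (shown, hidden_groups, hidden_rows) for the Age-by-Class summary."""
    rows = conn.execute(QUERY, (limit,)).fetchall()
    shown = [(cls, n, avg) for cls, n, avg, _, _ in rows]
    if not rows:
        # Empty table (or limit 0): nothing was returned to carry the totals.
        return shown, 0, 0
    total_groups, total_rows = rows[0][3], rows[0][4]
    hidden_groups = total_groups - len(rows)
    hidden_rows = total_rows - sum(n for _, n, _ in shown)
    return shown, hidden_groups, hidden_rows


def demo_connection():
    """In-memory database filled with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE test01 (Age INTEGER, Class TEXT)")
    conn.executemany(
        "INSERT INTO test01 VALUES (?, ?)",
        [(25, "Worker"), (30, "Student"), (48, "Spy"), (35, "Worker"),
         (22, "Student"), (41, "Worker"), (52, "Pilot")],
    )
    return conn


if __name__ == "__main__":
    shown, hidden_groups, hidden_rows = summarize(demo_connection(), 2)
    for cls, n, avg in shown:
        print(f"{cls}: count={n} avg_age={avg:.1f}")
    print(f"hidden groups={hidden_groups}, hidden rows={hidden_rows}")
```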

What does splunk count when more than one field is used in the 'top' command?

When I type this search query in the Splunk search head:
index=main sourcetype=mySrcType | top fieldA fieldB
Splunk automatically adds a count column to the resulting table. Now, what is this count? Is it a simple sum of each field count?
The count is showing you the number of times that field value pair shows up in the time range and query you ran. If you want to exclude it, you can add
| fields - count
Top counts the most common 10 values of each of the fields you list after its command.
You can read more about it on its documentation page:
http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Top
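An added illustration (not from the original thread, and not Splunk's implementation) that emulates the count column of `top fieldA fieldB` in Python over constructed sample events, next to the per-field counts for comparison. The function names and the event values are assumptions made for the example.

```python
from collections import Counter

# Constructed sample events standing in for the search results;
# every event carries both fields.
EVENTS = [
    {"fieldA": "GET", "fieldB": "200"},
    {"fieldA": "GET", "fieldB": "200"},
    {"fieldA": "GET", "fieldB": "404"},
    {"fieldA": "POST", "fieldB": "200"},
    {"fieldA": "POST", "fieldB": "500"},
    {"fieldA": "GET", "fieldB": "200"},
]


def top_pairs(events, fields, limit=10):
    """One row per distinct combination of the listed fields, most frequent first.

    `count` is the number of events carrying that exact combination.
    """
    combos = Counter(tuple(event[f] for f in fields) for event in events)
    return [
        dict(zip(fields, values), count=n)
        for values, n in combos.most_common(limit)
    ]


def single_field_counts(events, field):
    """Per-value counts for one field on its own, for comparison."""
    return Counter(event[field] for event in events)


if __name__ == "__main__":
    for row in top_pairs(EVENTS, ["fieldA", "fieldB"]):
        print(row)
    # The pair (GET, 200) appears in 3 events, while GET alone appears in 4
    # and 200 alone appears in 4: the pair count is not a sum of the two.
    print(single_field_counts(EVENTS, "fieldA"))
    print(single_field_counts(EVENTS, "fieldB"))
```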

VBA: Count unique values that meet two criteria

I have three columns: ID, events, and month. I need to get the count of events by month unique by ID.
So far I have the count of events by month (e.g. 1806 unique logins in May) using CountIfs(Range("B2:B276609"), EventName, Range("C2:C76602"), m)).
How do I filter this above count so only the unique IDs within that count is being used? Note that I have to loop this through a bunch of event types and months.
To make this clearer, let me provide some sample data:
ID Event Month
1 Login May 16
2 click July 16
1 Save June 16
1 Login May 16
3 Save June 16
From this I need to get the following info:
1 unique login in May 16
2 unique saves in June 16
1 unique click in July 16
You can use Excel's built-in remove duplicates function.
ActiveSheet.Range("A2:C76602").RemoveDuplicates Columns:=Array(1,2), Header:=xlYes
Based on the link in Ralph's comments, which can be found here, you get:
To know how many unique items you have you can use this regular formula:
=SUM(IF(FREQUENCY(COUNTIF(Colors,"<"&Colors),COUNTIF(Colors,"<"&Colors)),1))
I then extended this to multiple columns; just change the COUNTIF formulas to COUNTIFS (different ranges used, obviously).
=SUM(IF(FREQUENCY(COUNTIFS($A$1:$A$10,"<"&$A$1:$A$10,$B$1:$B$10,"<"&$B$1:$B$10),COUNTIFS($A$1:$A$10,"<"&$A$1:$A$10,$B$1:$B$10,"<"&$B$1:$B$10)),1))

In an SSRS report builder expression, I am trying to get the sum of a conditional count

I want the sum of a count IF the count is >=3. This gives me a sum of all the counts, regardless if they are <> 3:
=Sum(Iif(CountDistinct(Fields!ENCOUNTER.Value)>=3,1,0))
This produces the same result, the total number of distinct encounters:
=Sum(Iif(CountDistinct(Fields!ENCOUNTER.Value)>=3,CountDistinct(Fields!ENCOUNTER.Value),Nothing))
I want the total number of distinct encounters if there are 3 or more per person. I am grouping on person first, then encounter id.
Ex:
Person Enc
John 1
Bob 4
Sue 2
Ann 3
Total Enc>=3: 2
Based on your requirement, if there are no detail rows under ENCOUNTER, you should directly compare Fields!ENCOUNTER.Value instead of using CountDistinct():
Sum(IIF(Fields!ENCOUNTER.value>=3,1,0))
If you have multiple detail rows under ENCOUNTER group level, your requirement can't be achieved because we can't use an aggregation function within an aggregation function. Which means we can't get the distinct ENCOUNTER IDs first, then calculate the total.
I found a workaround. I created another query that selects only those people with 3 or more encounters and added it to the report as a subreport.