Count number of events before Debup

Is there any way to save the count of the events before doing the dedup ? This is my query index="webapplication_logs" sourcetype="error_log" | rex field=_raw "Severity:\s (?.+)" | search Severity = Error This query lists all my `Severity=Error` events (i.e, total:3 events in the last 10minutes custom timeframe) .................... Date: [07/Mar/2004:16:04:49 -0800] IP: ipaddress Method: "GET /topicparent=Main.ConfigurationVariables HTTP/1.1" Response: 401 Type: Info Severity: Error .................... .................... Date: [07/Mar/2004:16:05:49 -0800] IP: ipaddress Method: "GET /topicparent=Main.ConfigurationVariables HTTP/1.1" Response: 401 Type: Info Severity: Error .................... .................... Date: [07/Mar/2004:16:07:49 -0800] IP: ipaddress Method: "GET /topicparent=Main.ConfigurationVariables HTTP/1.1" Response: 401 Type: Info Severity: Error .................... Now I used Dedup to show only one result in the last 10minutes timeframe. index="webapplication_logs" sourcetype="error_log" | rex field=_raw "Severity:\s (?.+)" | search Severity = Error | dedup Severity OUTPUT .................... Date: [07/Mar/2004:16:07:49 -0800] IP: ipaddress Method: "GET /topicparent=Main.ConfigurationVariables HTTP/1.1" Response: 401 Type: Info Severity: Error .................... But I want to show the total error events count (i.e 3 events) in the output or either count saved in the field. I have tried the `eval` command to save the count, but field value count shows 1 after using dedup (skipped this method). | eval tcount = mvcount(Severity) Then I have used `stats` command which counts the events but doesn't show the raw event. | stats count by Severity ![alt text][1] I have included the _raw with the stats command but COUNT didn't work may because the _raw event timestamp is different. | stats count by Severity, _raw OUTPUT Severity Count _raw Error 1 event Error 1 event Error 1 event But how to show the count of the events as well as the 1 similar error event ?. DESIRED OUTPUT Severity Count _raw Error 3 event OR any other methods to save the events count before dedup ? [1]: /storage/temp/154246-stats.png

Count number of events before Debup

Trending Articles

Practice Sheet of Right form of verbs for HSC Students

Download: FK ft Shenky – Nakuyewa ”Prod by: Shenky”

How to win at Markstrat (Markstrat Tips and Tricks) – Vodites

Ominde Commission Report and Recommendations – Ominde Report of 1964

Bureau of Internal Revenue: Regional Offices (Directory)

GO 53 on Enhancement of Ex-gratia upto 5 Lakhs Toddy Tappers in Telangana

Cakewalk CA-2A Leveling Amplifier v2.0.1.97 WiN, v2.0.1.96 OSX Incl Keygen

Mp3 Download: Mdu - Kunjenjenjena

How the kill the job , when DTP request running for long hours.

Microsoft Intune から展開しているアプリのアップデートについて

18-year-old girl was beaten for half an hour by two Northampton men in 'an...

Car crash in Dunton Bassett leaves driver in critical condition

Macky 2, Two Others In Road Accident

Application log 00000000000000089514: Could not convert queue DLVST90CLNT

Detroit mafia: D’Anna Brothers agree to plea deal

Delivery block field greyed out using VA02

Muloraki Au

【個人撮影】スマホのプライベート映像♪「中に出さないで///」カラオケ屋での生ハメ撮りが流出ｗ【リベンジポルノ】＠PornHub

BREAKING NEWS: Diamond Platnumz Is Reported Dead After Ghastly Car Accident

FIAT 500 B0111 B0112