Hi All,
I'm pretty new to Splunk so still learning my way around everything.
Running a search like this results in the following table below:
index=my table | stats count(Host) by Account, Group | table Account, Group, Host
**Account** | **Group** | **Host**
A | 1 | abc.com
A | 1 | def.com
A | 1 | ghi.com
A | 2 | abcd.com
A | 2 | abcde.com
B | 1 | foo.com
B | 1 | bar.com
B | 3 | foobar.com
I want to have a table that will display the results from above like this (basically it looks by Account then by Group and then sums up the count of Host's under this one account and group
**Account** | **Group** | **Host (count)** <--Note: "(count)" after "Host" is optional
A | 1 |3
A | 2 |2
B | 1 |2
B | 3 |1
Any suggestions on how to construct this search?
Thanks
↧