Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

count of character in field

EricPartington
Communicator
‎07-29-2011 12:48 PM

how would I count the number of occurances of a character or symbol in an extracted field and display that as a seperate field?

for instance counting the number fields passed in a POST message? (delimited by 😃

i have looked at rex, mvcount and stats but so far havent come up with a solution to do it from a search.

Any ideas?

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎07-29-2011 12:59 PM

there's probably more than way to do it with the eval command.

http://www.splunk.com/base/Documentation/latest/SearchReference/CommonEvalFunctions

Here's one, if you have a field called 'postPayload': 

<your search> | eval numArgs = mvcount(split(postPayload,"="))-1

View solution in original post

Reply
Solved! Jump to solution

mw
Splunk Employee
Splunk Employee
‎07-29-2011 01:06 PM

How about something like this:

sourcetype=access_combined | eval chars=mvcount(split(uri, "=")) - 1 | table uri, chars
0 Karma
Reply
Solved! Jump to solution
Solution

sideview
SplunkTrust
SplunkTrust
‎07-29-2011 12:59 PM

there's probably more than way to do it with the eval command.

http://www.splunk.com/base/Documentation/latest/SearchReference/CommonEvalFunctions

Here's one, if you have a field called 'postPayload': 

<your search> | eval numArgs = mvcount(split(postPayload,"="))-1
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...