Hi and thanks for reading.
I want to count how many times repeats a field.
I have one field auth_failure and i want to count how many times it appears in logs. The field's content is always the same.
Thanks!
Hi Roberto,
Do you mean how many docs contain a term? Or how many times a term appears in each doc?
For how many docs contain a term, here I searched for a string cron on the Discover tab and it shows me 30 hits at the top and highlights the search term in the doc _source?
Or in a Data Table visualization where I just searched for cron again. I'm not sure why I get 32 hits here instead of 30, but you get the idea.
If you were asking about counting the number of times a term appears in each doc, that might be a bit harder...
Thanks,
Lee
Hi, LeeDr and thanks so much for reply.
Sorry for taking so long to answer. In this case, i want to count how many times a field takes a specific value. For example, the field smtp_status contains the value sent. This way i could count the sent e-mails in my server.
I solved it by putting "smtp_status:sent" in the search box.
Thanks again for reply.