count

The count operator returns the number of all input events.

count is a short form of summarize count=count().

Syntax

`Scope | count`

Arguments

Scope: The events to search.

Results

Returns a single record and column of type long. The value is the number of records in the scope.

In Dashboards, aggregations in child searches are based on the parent search’s results, so if the parent search’s results are capped by a system limit (such as max_results_per_search / Results limit), the child search’s aggregations may be incomplete.

Example

Count events where status=200 and response_time>2.

dataset=myDataset status=200 response_time>2
| count

Count the number of events.

dataset=$vt_dummy event<10 
| count

Run in Cribl Search

Show the number of search jobs by their status and the user that created it. $vt_jobs requires Admin Permissions.

dataset=$vt_jobs
| summarize jobs=count() by status, user

Run in Cribl Search

count

Syntax​

Arguments​

Results​

Example​

Common Resources

Syntax

Arguments

Results

Example