Display total in addition to individual series

beaumaris — Wed, 19 Jan 2011 23:53:13 GMT

I have several searches that return data broken down by host in a timechart; a simple example would be a timechart of bytes transferred by each host. This is pretty straightforward and works fine. Now the users are asking if we can produce another series that is the total of all the other values in the series. We've already summary indexed several months of log files, so I prefer to find some way to do this with the existing entries, which look like this:

01/18/2011 15:50:00, search_name="Do Not Click - Summary Index - Bandwidth By Server", search_now=1295388000.000, info_min_time=1295383800.000, info_max_time=1295387400.000, info_search_time=1295417075.399, ElapsedTime=175044, Node_Type=Edge, NumBytes=22418, Server="str03-dsit.se.ccp-tools-generic-nh.cds.bdn.lab.xcal.tv", report="bandwidth_by_server"

If that's not possible, then can someone suggest how to enhance the existing search to also accumulate the total? The existing search is

search = index=myindex | bucket _time span=10m | stats sum(Bytes) as NumBytes, sum(Elapsed_Time) as ElapsedTime by Server

As reference, here is the search that produces the timechart that we display, using the summary index

index="summary" report="bandwidth_by_server" | eval Mbits = (NumBytes / .125)/1024/1024 | eval Elapsed_Secs = ElapsedTime / 1000000.000 | eval MbSec = Mbits/Elapsed_Secs | timechart usenull=f useother=f avg(MbSec) by Server

Re: Display total in addition to individual series

gkanapathy — Thu, 20 Jan 2011 01:36:01 GMT

You can use the addtotals or addcoltotals commands.

topic Re: Display total in addition to individual series in Dashboards & Visualizations

Display total in addition to individual series

Re: Display total in addition to individual series