https://community.splunk.com/t5/Splunk-Search/Combine-Add-rows-in-the-search-results-using-a-wildcard/m-p/412702#M146072 <P>I am beginner to Splunk and could you please help me with the following scenario. I have a search that will display a pie chart of the computer count.</P> <P>Now I would like to combine the search results with a wild card search</P> <P><STRONG>Search I use</STRONG> : mySearch here | stats dc(COMPUTER) by OS</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="alt text"><img src="https://community.splunk.com/t5/image/serverpage/image-id/7170iB20DA97E6C67F7C4/image-size/large?v=v2&amp;px=999" role="button" title="alt text" alt="alt text" /></span></P> <P>Thanks in advance.</P> Thu, 17 Sep 2020 23:05:42 GMT veerappan 2020-09-17T23:05:42Z https://community.splunk.com/t5/Splunk-Search/Combine-Add-rows-in-the-search-results-using-a-wildcard/m-p/412702#M146072 <P>I am beginner to Splunk and could you please help me with the following scenario. I have a search that will display a pie chart of the computer count.</P> <P>Now I would like to combine the search results with a wild card search</P> <P><STRONG>Search I use</STRONG> : mySearch here | stats dc(COMPUTER) by OS</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="alt text"><img src="https://community.splunk.com/t5/image/serverpage/image-id/7170iB20DA97E6C67F7C4/image-size/large?v=v2&amp;px=999" role="button" title="alt text" alt="alt text" /></span></P> <P>Thanks in advance.</P> Thu, 17 Sep 2020 23:05:42 GMT https://community.splunk.com/t5/Splunk-Search/Combine-Add-rows-in-the-search-results-using-a-wildcard/m-p/412702#M146072 veerappan 2020-09-17T23:05:42Z https://community.splunk.com/t5/Splunk-Search/Combine-Add-rows-in-the-search-results-using-a-wildcard/m-p/412703#M146073 <P>@veerappan </P> <P>Can you please try this?</P> <PRE><CODE>YOUR_SEARCH | eval OS=case(like(lower(OS),"windows%"),"Windows",like(lower(OS),"mac%"),"Mac",1=1,OS) | stats sum("Computer Count") as "Computer Count" by OS </CODE></PRE> <P><STRONG>My Sample Search:</STRONG></P> <PRE><CODE>| makeresults | eval OS="Windows 7", "Computer Count"=50 | append [| makeresults | eval OS="Windows Server", "Computer Count"=25] | append [| makeresults | eval OS="Mac x", "Computer Count"=20] | append [| makeresults | eval OS="Mac y", "Computer Count"=25] | append [| makeresults | eval OS="Ubuntu", "Computer Count"=30] | eval OS=case(like(lower(OS),"windows%"),"Windows",like(lower(OS),"mac%"),"Mac",1=1,OS) | stats sum("Computer Count") as "Computer Count" by OS </CODE></PRE> <P>Thanks</P> Tue, 11 Jun 2019 12:25:41 GMT https://community.splunk.com/t5/Splunk-Search/Combine-Add-rows-in-the-search-results-using-a-wildcard/m-p/412703#M146073 kamlesh_vaghela 2019-06-11T12:25:41Z https://community.splunk.com/t5/Splunk-Search/Combine-Add-rows-in-the-search-results-using-a-wildcard/m-p/412704#M146074 <P>@kamlesh_vaghela Thanks a lot it works <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Tue, 11 Jun 2019 14:11:42 GMT https://community.splunk.com/t5/Splunk-Search/Combine-Add-rows-in-the-search-results-using-a-wildcard/m-p/412704#M146074 veerappan 2019-06-11T14:11:42Z