https://community.splunk.com/t5/Splunk-Search/how-to-get-the-aggregation-count-of-field-values/m-p/317233#M162648 <P>I know about addcoltotals,but that does not do something like a delta where For each event where field is a number, the delta command computes the difference, in search order, between the field value for the event and the field value for the previous event. The delta command writes this difference into newfield.</P> <P>In the similar manner instead of difference I am looking for addition of it</P> Thu, 01 Mar 2018 21:00:02 GMT vrmandadi 2018-03-01T21:00:02Z https://community.splunk.com/t5/Splunk-Search/how-to-get-the-aggregation-count-of-field-values/m-p/317231#M162646 <P>I am looking something like the following result</P> <UL> <LI>A_Count AGGREGATE TOTAL 20 20 30 50 10 60</LI> </UL> <P>I know delta command will give the difference but is there any command which gives the aggregation</P> Thu, 01 Mar 2018 18:47:36 GMT https://community.splunk.com/t5/Splunk-Search/how-to-get-the-aggregation-count-of-field-values/m-p/317231#M162646 vrmandadi 2018-03-01T18:47:36Z https://community.splunk.com/t5/Splunk-Search/how-to-get-the-aggregation-count-of-field-values/m-p/317232#M162647 <P>You should check out <CODE>addcoltotals</CODE></P> <P>It will work like this <CODE>| addcoltotals labelfield=change_name label=ALL</CODE></P> <P><A href="http://docs.splunk.com/Documentation/Splunk/7.0.1/SearchReference/Addcoltotals">http://docs.splunk.com/Documentation/Splunk/7.0.1/SearchReference/Addcoltotals</A></P> Thu, 01 Mar 2018 19:19:11 GMT https://community.splunk.com/t5/Splunk-Search/how-to-get-the-aggregation-count-of-field-values/m-p/317232#M162647 skoelpin 2018-03-01T19:19:11Z https://community.splunk.com/t5/Splunk-Search/how-to-get-the-aggregation-count-of-field-values/m-p/317233#M162648 <P>I know about addcoltotals,but that does not do something like a delta where For each event where field is a number, the delta command computes the difference, in search order, between the field value for the event and the field value for the previous event. The delta command writes this difference into newfield.</P> <P>In the similar manner instead of difference I am looking for addition of it</P> Thu, 01 Mar 2018 21:00:02 GMT https://community.splunk.com/t5/Splunk-Search/how-to-get-the-aggregation-count-of-field-values/m-p/317233#M162648 vrmandadi 2018-03-01T21:00:02Z https://community.splunk.com/t5/Splunk-Search/how-to-get-the-aggregation-count-of-field-values/m-p/317234#M162649 <P>I got it there is command called accum </P> <P><A href="http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Accum">http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Accum</A></P> Thu, 01 Mar 2018 21:03:00 GMT https://community.splunk.com/t5/Splunk-Search/how-to-get-the-aggregation-count-of-field-values/m-p/317234#M162649 vrmandadi 2018-03-01T21:03:00Z