https://community.splunk.com/t5/Splunk-Search/How-to-aggregate-across-columns/m-p/210110#M61456 <P>I think you'll need two separate searches. </P> <PRE><CODE>...|stats sum(price) as revenue by buyId ...|stats sum(price) as revenue by userId|sort 0 - revenue |head 10 </CODE></PRE> Thu, 29 Dec 2016 13:16:57 GMT cmerriman 2016-12-29T13:16:57Z https://community.splunk.com/t5/Splunk-Search/How-to-aggregate-across-columns/m-p/210109#M61455 <P>So I currently have a csv table of users and click events related to purchases on an app. The table goes something like this:</P> <P>userId | timestamp | uxID | buyId | price<BR /> 1004 5/26/2016 3:36:54 PM 6004 2 5<BR /> 1300 5/26/2016 5:06:54 PM 6005 1 10<BR /> 1027 5/26/2016 6:06:54 PM 6006 3 3<BR /> ...</P> <P>The buyId is the number of the specific item that users can purchase and there are six items available in total. The price for the different items vary as well. What I want to know is:</P> <P>1) how much money was spent in total for each item?<BR /> 2) the total amount of money spent by the top ten users (ranked by how much money they spent</P> <P>Many thanks!</P> Thu, 29 Dec 2016 09:06:31 GMT https://community.splunk.com/t5/Splunk-Search/How-to-aggregate-across-columns/m-p/210109#M61455 cheung_bea 2016-12-29T09:06:31Z https://community.splunk.com/t5/Splunk-Search/How-to-aggregate-across-columns/m-p/210110#M61456 <P>I think you'll need two separate searches. </P> <PRE><CODE>...|stats sum(price) as revenue by buyId ...|stats sum(price) as revenue by userId|sort 0 - revenue |head 10 </CODE></PRE> Thu, 29 Dec 2016 13:16:57 GMT https://community.splunk.com/t5/Splunk-Search/How-to-aggregate-across-columns/m-p/210110#M61456 cmerriman 2016-12-29T13:16:57Z https://community.splunk.com/t5/Splunk-Search/How-to-aggregate-across-columns/m-p/210111#M61457 <P>Thanks very much!</P> Tue, 03 Jan 2017 05:56:40 GMT https://community.splunk.com/t5/Splunk-Search/How-to-aggregate-across-columns/m-p/210111#M61457 cheung_bea 2017-01-03T05:56:40Z