All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Maps+ Cluster sum(field)

ScottKirkland
New Member
‎10-18-2019 11:27 AM

I have a dataset that includes the number of people getting on\off a bus and at what lat\lon that occurred.

I've got Maps+ showing how many events took place in a cluster, but I would like to display the sum of three different fields for that cluster.

     *index=bus_apc IN3F>0 OR IN2M>0 OR IN1R>0 | eval latitude=LAT, longitude=LON | table latitude, longitude*

Context: there are 6 fields that represent people getting on the bus. 3 start in IN, 3 start with OUT. This is why I am filtering to grab only events greater 0 from IN3F, IN2M, and IN1R.

I have the sum of each field with a total. I would like to the overall total of a cluster to be displayed on the map.

index=bus_apc | stats sum(IN3F) as "Boardings Front", sum(IN2M) as "Boardings Middle", sum(IN1R) as "Boardings Rear" | addtotals

Can anyone help?

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...