Solved: Concatenating stats results and visualizing as a s...

karthiknzx · ‎08-10-2016

Hi there
index=someIndex | stats = sum(fieldA) as one, sum(fieldB) as two

I would like to display the result in the format (one/two) where / is a separator. I want to visualize the output using the "Single value" visualization so I could color/enlarge the below text etc. Can you please help? (I tried using eval to concatenate the results but couldn't get it to work). Thank you.

Desired output :

100.30/200.40

where
one = 100.30
two = 200.40

pradeepkumarg · ‎08-10-2016

What did you try so far? something like below should work.
| eval result = one."/".two

View solution in original post

pradeepkumarg · ‎08-10-2016

What did you try so far? something like below should work.
| eval result = one."/".two

karthiknzx · ‎08-10-2016

Thanks. This is what I tried earlier: (but I had a typo which prevented eval from working)
index=someIndex | stats = sum(fieldA) as one, sum(fieldB) as two | eval result = one."/".two
The above query produced
sum(fieldA), sum(fieldB) and result.

I just wanted the result. My query should have been: (I just stumbled upon the fields command)
index=someIndex | stats = sum(fieldA) as one, sum(fieldB) as two | eval result = one."/".two | fields result

Concatenating stats results and visualizing as a single value

Welcome to the Splunk Community!

Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM

Adoption of RUM and APM at Splunk