I'm a new Splunk user. I have a dataset with the fields Date, ACCNBR, Count, REVENUE: Date (the date when the number was billed), ACCNBR (cellphone number), Count (counts the number of times the number was billed), REVENUE (the amount deducted). I want to generate a search which shows me the total REVENUE generated per week.
Date, ACC_NBR, Count, REVENUE
index=<your_index> earliest=@w0 | stats sum(REVENUE) by ACC_NBR
earliest=@w0 = beginning of the week
earliest=-7d@d for 7 days, depending on what "a week" is for you
This is a follow-up question to my first. The following query worked for me. I managed to get the total revenue generated per ACC_NBR.
The 2nd part of the question: How to show the total revenue generated per week.
| stats sum(REVENUE) by ACC_NBR
Assuming you have timestamp extraction done right, use
timechart span=w sum(REVENUE).