Archive
Highlighted

How to add sum filed in table

Explorer

I have two fiels. Deny and Monitor.
I want to draw timechart added by SUM field.
Can i add SUM field?

_time A B _time A B SUM
0:0:0 1 2 => 0:0:0 1 2 3
0:0:1 3 3 0:0:1 3 3 6

Tags (1)
0 Karma
Highlighted

Re: How to add sum filed in table

Splunk Employee
Splunk Employee

use the | addtotals command.
see http://docs.splunk.com/Documentation/Splunk/5.0.1/SearchReference/Addtotals

mysearch | table _time A B | addtotals

0 Karma
Highlighted

Re: How to add sum filed in table

Splunk Employee
Splunk Employee

or if you have fixed list of fields use an eval to do the sum
mysearch | eval SUM=A+B | table _time A B SUM

0 Karma
Highlighted

Re: How to add sum filed in table

Explorer

It's very simple..thnx

0 Karma