Hey All,
I'm trying to accomplish a search here that seems so simple but I got stucked. I have this one where give me all Origination who made a call, good so far:
sourcetype=xyz Dur>0 OTG=* Int_DTG=Brazil
| top route_name, OTG limit=0
I got all customers that called to Brazil, here I got 100 events on statistics area but grouped as:
OTG | Count
the count here is how many times the OTG made the call.
Sample:
OTG - Wesley Franklin | Count 40 calls
OTG - Jhon | Count 60
The total here is 100. I just want to made count/summ of all Count by OTG field that shows me a simple math as 100
Sorry if it's no clear I will really appreciate your patience and time.
Thank you so much.
So skip the top
and do this:
sourcetype=Brazil Dur>0 dn=026*
| stats count BY OTG
| sort 0 - count
| addtotals row=f col=t
| fillnull value="TOTAL"
how do you use makeresults command to generate this kind of sample eventset. I want to try this on my system
Hey,
Maybe I haven't explained it correctly, let's break it down:
So my current search it's:
sourcetype=Brazil Dur>0 dn=026*
| top OTG limit=0
| fields - percent
Well, here I will get: All customers from Brazil that are calling using dialed number 026 (at the beginning, dn field) and its source by OTG field then I got something like:
| OTG | count |
| Wesley | 50 calls
| Jhon | 50 calls
Where: OTG stands for Origination customer.
I'm getting 2differents OTG here I'd like to count it like:
| OTG |
| 10 |
Sorry if what I put firstly isn't that.
Thank you in advance.
If I read your question correctly, simply add to the end of your search
...
| addcoltotals
That might do what you want. If it doesn't, please provide the search you use and a sample event or two so that we have a better idea of what you have now.