Dashboards & Visualizations

Grouping Column Results after Stats Output

cchange
Path Finder

I'm trying to combine count of Ipad and iPhone to a single result. I tried appendcols function but no luck. Can anyone please let me know how to combine this two fields and sum of them as single result.

Current Result
System Count
Ipad 4567
iPhone 5678
Windows 7890

Looking Result
IOS 10245
Windows 7890

Thanks

Tags (1)
0 Karma
1 Solution

somesoni2
Revered Legend

Try like this

your current search giving your Current Result with fields System and Count | eval System=if(System="Ipad" OR System="iPhone","IOS", System) | stats sum(Count) as Count by System

View solution in original post

somesoni2
Revered Legend

Try like this

your current search giving your Current Result with fields System and Count | eval System=if(System="Ipad" OR System="iPhone","IOS", System) | stats sum(Count) as Count by System

cchange
Path Finder

Thanks it got worked.

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...