Solved: Grouping Column Results after Stats Output

cchange · ‎09-27-2016

I'm trying to combine count of Ipad and iPhone to a single result. I tried appendcols function but no luck. Can anyone please let me know how to combine this two fields and sum of them as single result.

Current Result
System Count
Ipad 4567
iPhone 5678
Windows 7890

Looking Result
IOS 10245
Windows 7890

Thanks

somesoni2 · ‎09-27-2016

Try like this

your current search giving your Current Result with fields System and Count | eval System=if(System="Ipad" OR System="iPhone","IOS", System) | stats sum(Count) as Count by System

View solution in original post

somesoni2 · ‎09-27-2016

Try like this

your current search giving your Current Result with fields System and Count | eval System=if(System="Ipad" OR System="iPhone","IOS", System) | stats sum(Count) as Count by System

cchange · ‎09-27-2016

Thanks it got worked.

Grouping Column Results after Stats Output

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation