How to search sum rows by column?

politrons · ‎11-02-2022

Having this initial query I obtain a list of results order by Consumer, and pod

messages_number container_name="pol-sms-amh-throttler" | stats avg(messages_number) as consumer_node by Consumer, pod

Then I append a second stats where I want to sum all the values of pods by Consumer

messages_number container_name="pol-sms-amh-throttler" | stats avg(messages_number) as consumer_node by Consumer, pod | stats sum(consumer_node) as AvgConsumption by Consumer limit=0

Is this query correct and accurate about what I'm want to achieve?

Also I don't know how can I see the AvgConsumptions in a visualization

politrons · ‎11-02-2022

you're not doing the same thing.

If we have 3 pods that are producing messages_number 3,4,2. What I want to know is that all of them are producing 9.

But with your query it will produce just 4

ITWhisperer · ‎11-02-2022

If you just want to sum them, try this

messages_number container_name="pol-sms-amh-throttler" | stats sum(messages_number) as TotalConsumption by Consumer limit=0

ITWhisperer · ‎11-02-2022

What you have will give you a number although I am not sure what significance it has - have you considered just doing it this way?

messages_number container_name="pol-sms-amh-throttler" | stats avg(messages_number) as AvgConsumption by Consumer limit=0

How to search sum rows by column?

calculated field

data model

field extraction

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)