Re: Sum rows by column

politrons · ‎11-02-2022

Having this initial query I obtain a list of results order by Consumer, and pod

messages_number container_name="pol-sms-amh-throttler" | stats avg(messages_number) as consumer_node by Consumer, pod

Then I append a second stats where I want to sum all the values of pods by Consumer

messages_number container_name="pol-sms-amh-throttler" | stats avg(messages_number) as consumer_node by Consumer, pod | stats sum(consumer_node) as AvgConsumption by Consumer limit=0

Is this query correct and accurate about what I'm want to achieve?

Also I don't know how can I see the AvgConsumptions in a visualization

politrons · ‎11-02-2022

you're not doing the same thing.

If we have 3 pods that are producing messages_number 3,4,2. What I want to know is that all of them are producing 9.

But with your query it will produce just 4

ITWhisperer · ‎11-02-2022

If you just want to sum them, try this

messages_number container_name="pol-sms-amh-throttler" | stats sum(messages_number) as TotalConsumption by Consumer limit=0

ITWhisperer · ‎11-02-2022

What you have will give you a number although I am not sure what significance it has - have you considered just doing it this way?

messages_number container_name="pol-sms-amh-throttler" | stats avg(messages_number) as AvgConsumption by Consumer limit=0

How to search sum rows by column?

calculated field

data model

field extraction

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation