Reporting
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Add values together for report

Dragonnet
New Member
‎10-26-2010 10:47 AM

I have a SYSLOG output from a netscreen. There are two fields in each record that contain a value (sent) and (rcvd). I have enclosed an example below. I want to create a bar chart that will show the sum of these two values for the top ten IP addresses in (dst)

I have tried various syntaxes in the report command pipe * | timechart sum(sent) by dst

  • | timechart sum(sent+rcvd) by dst
  • | timechart sum((sent)+(rcvd)) by dst
  • | timechart sum((sum(sent)+(sum(rcvd)) by dst

But clearly I am missing something in the syntax

ssg5-serial: NetScreen device_id=0162102007000604 [Root]system-notification-00257(traffic): start_time="2010-10-26 11:34:30" duration=4 policy_id=6 service=icmp proto=1 src zone=Untrust dst zone=Trust action=Permit sent=78 rcvd=78 src=212.21.121.89 dst=212.21.101.193 icmp type=8 src-xlated ip=212.21.121.89 dst-xlated ip=212.21.101.193 session_id=2607 reason=Close - RESP\x00

Tags (2)
0 Karma
Reply

bwooden
Splunk Employee
Splunk Employee
‎10-26-2010 11:11 AM

One way...

 ... | timechart eval(sum(sent)+sum(rcvd)) by dst
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...