Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

上位XX位とその他の合計値の集計について

clio706
Explorer
‎09-16-2020 05:26 AM

お世話になります。

集計のサーチ文の書き方についてご教示ください。

やりたいことは下記の通りです。

・販売数で集計し、Top3を出力する。
・その他は合計して集計する。
・販売数で集計した結果に、商品名をキーとして割引販売数の集計値をマージする。

出力イメージは以下の通りです。

商品名販売数
aaa300
aaa400
aaa500
bbb300
ccc200
ccc300
ccc500
ddd100
ddd100
eee800

 

商品名割引販売数
aaa100
aaa50
aaa200
bbb200
ccc10
ccc200
ccc100
ddd20
ddd50
eee100

 

集計後イメージ

商品名販売数割引販売数
aaa1200350
ccc1000310
eee800100
その他500270

 

宜しくお願い致します。

Labels (2)
Labels
Tags (1)
0 Karma
Reply

thambisetty
SplunkTrust
SplunkTrust
‎09-17-2020 05:37 AM 
index=yourindex 
| stats sum("Number of sales") as sum_Number_of_sales by "Product name"
| append [search index=yourindex 
| stats sum("Discount sales") as sum_Discount_sales by "Product name"]
| stats values(*) as * by "Product name"
| sort - sum_Number_of_sales
————————————
If this helps, give a like below.
Reply

clio706
Explorer
‎09-23-2020 06:39 AM

Thank you for your comment.
I tried it, but I couldn't aggregate other total values.
Let's consider a little more with reference to the SPL you received.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Registration is OPEN!

Ready. Set. Splunk! Your favorite Splunk user event is back and better than ever. Get ready for more technical ...

Detecting Cross-Channel Fraud with Splunk

This article is the final installment in our three-part series exploring fraud detection techniques using ...

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...