Solved: Adding Field Values Generated by a |stats latest(f...

jason_hotchkiss · ‎11-02-2020

Hello -

I have the following search:

<base search>
| fields host registrations
| stats latest(registrations) by host

This produces the following table:

host latest(registrations)
Pc1 51

Pc2 29

Pc3 18

How would I add the values of latest(registrations) to provide a single value for all 3 hosts? For example, I would like only the sum of the latest registrations (98) to display in a single value panel.

Thank you!

ITWhisperer · ‎11-02-2020

<base search>
| fields host registrations
| stats latest(registrations) as latest_reg by host
| stats sum(latest_reg) as total_latest_reg

View solution in original post

ITWhisperer · ‎11-02-2020

<base search>
| fields host registrations
| stats latest(registrations) as latest_reg by host
| stats sum(latest_reg) as total_latest_reg

jason_hotchkiss · ‎11-02-2020

Thank you!! This worked for me.

Adding Field Values Generated by a |stats latest(fieldvalue) command

eval

fields

table

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms