Adding a column

Muthu_Vinith · ‎02-01-2024

Hi Splunk experts,

I’m a Splunk beginner. I need help with a requirement. I have fields named 'location,' 'login,' and 'desk' with the following values:

location login desk

AA 1 0

BB 1 0

CC 0 10

DD 1 1

EE 0 1

My goal is to create a new location called 'ABC,' which should be the sum of all four locations (AA, BB, CC, DD). I've tried the following search, but it's not summing up all four locations:

| appendpipe [search AA BB CC DD | eval location=“ABC”]

| stats sum(login) as login by desk

Please guide me on how to achieve this. Thank you.

ITWhisperer · ‎02-02-2024

Please clarify your question - you say you want to add a column but appendpipe will add row(s) - you have 5 locations not 4, do you wish to exclude a particular location or sum the logins for all locations by desk?

richgalloway · ‎02-01-2024

Use the addcoltotals command to sum the values and put them into the location field as "ABC".

... | addcoltotals labelfield=location label="ABC"

---
If this reply helps you, Karma would be appreciated.

Adding a column

fields

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases