- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Can you help me sum the data in the following ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Team,
I have PATA field which needs to do sum of PATA field, am using below command where should add PATA to get sum of PATA field
index=pass source="test" |eval DATE = YEAR."-".PERIOD| fields DATE | stats count by DATE
2018-10-24 14:43:50.556, S_DATE="201208", SCENARIO="Actual", YEAR="2016", PERIOD="Feb", VIEW="YTD", ENTITY="109", ENTITY_DESC="Test Canada Inc.", MARKET="Canada", ACCOUNT="922002", ACCOUNT_DESC="922002 - Employee Activity Food Bev", INTER_ENTITY="[ICP None]", VALUE="[Parent Total]", RC="21102", SUBACCOUNT="000000", INTER_RC="000000", PRODUCT="000000", CUSTOM5="USD_FUNC_Total", DATA_TYPE="Total_Late", PATA="179.03919201"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you want count and sum both, try below query
index=pass source="test" |eval DATE = YEAR."-".PERIOD| fields DATE, PATA | stats count, sum(PATA) AS Total_PATA by DATE
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try this-
index=pass source="test" |eval DATE = YEAR."-".PERIOD| fields DATE, PATA | stats count ,sum(PATA) AS Total_PATA by DATE
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you want count and sum both, try below query
index=pass source="test" |eval DATE = YEAR."-".PERIOD| fields DATE, PATA | stats count, sum(PATA) AS Total_PATA by DATE
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Its woking, Appreciate for your help
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Great that your problem is solved 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yes i did your command , but count field is missing , and getting two fields Date and PATA
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for quick reply
index=pass source="test" |eval DATE = YEAR."-".PERIOD| fields DATE | stats count by DATE
getting below output
Date Count
2016-Apr 6000
2016-Aug 1000
2016-Dec 1229
My requirement
Date Count PATA
2016-Apr 6000
2016-Aug 1000
2016-Dec 1229
It should sum of PATA data with year and month wise , visible in PATA field
your command does not add count field , hence it is not working
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Have you tried to run query which I have provided ? You are still doing stats count instead of stats sum(PATA).... as I mentioned in previous comment.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Can you please try below query ?
index=pass source="test" |eval DATE = YEAR."-".PERIOD| fields DATE, PATA | stats sum(PATA) AS Total_PATA by DATE
Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts
Video | Tom’s Smartness Journey Continues
3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?
