Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Cumulative sum of hours

shreeCS
New Member
‎09-15-2013 11:59 PM

Hi,

I have created a chart showing the cumulative sum of hours for each host for the month of August.
Here the fields are 

Day   Date   In-Time   Out-Time  DurationHours(OutTime-InTime)

The query is : 

sourcetype="abc" | convert mstime(Out_Time__) AS outtime | convert mstime(In_Time__) AS intime |eval durationHrs=(outtime - intime )/60 | streamstats sum(durationHrs) as cumulativeSum by host | timechart values(cumulativeSum) by host

Here it should show ,for aug1 cumulative sum is 8,for Aug2 ->19 .... aug31-->208.
Here in my case it is in a reverse order i.e., for aug1 its showing 208 and for aug31 it is 8.How this can be solved?

Thank You

Tags (1)
0 Karma
Reply

somesoni2
Revered Legend
‎09-16-2013 04:20 AM

Please include "|sort date_mday" or "|sort _time" before performing streamstats.

Reply

shreeCS
New Member
‎09-16-2013 04:24 AM

Hi somesoni2,

thank you for the solution and i also come up with the solution where i included "reverse" in the query i.e., sourcetype="abc" | reverse |.....

0 Karma
Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...