Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Cumulative sum of hours

shreeCS
New Member
‎09-15-2013 11:59 PM

Hi,

I have created a chart showing the cumulative sum of hours for each host for the month of August.
Here the fields are 

Day   Date   In-Time   Out-Time  DurationHours(OutTime-InTime)

The query is : 

sourcetype="abc" | convert mstime(Out_Time__) AS outtime | convert mstime(In_Time__) AS intime |eval durationHrs=(outtime - intime )/60 | streamstats sum(durationHrs) as cumulativeSum by host | timechart values(cumulativeSum) by host

Here it should show ,for aug1 cumulative sum is 8,for Aug2 ->19 .... aug31-->208.
Here in my case it is in a reverse order i.e., for aug1 its showing 208 and for aug31 it is 8.How this can be solved?

Thank You

Tags (1)
0 Karma
Reply

somesoni2
Revered Legend
‎09-16-2013 04:20 AM

Please include "|sort date_mday" or "|sort _time" before performing streamstats.

Reply

shreeCS
New Member
‎09-16-2013 04:24 AM

Hi somesoni2,

thank you for the solution and i also come up with the solution where i included "reverse" in the query i.e., sourcetype="abc" | reverse |.....

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...