Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Cumulative sum of hours

shreeCS
New Member
‎09-15-2013 11:59 PM

Hi,

I have created a chart showing the cumulative sum of hours for each host for the month of August.
Here the fields are 

Day   Date   In-Time   Out-Time  DurationHours(OutTime-InTime)

The query is : 

sourcetype="abc" | convert mstime(Out_Time__) AS outtime | convert mstime(In_Time__) AS intime |eval durationHrs=(outtime - intime )/60 | streamstats sum(durationHrs) as cumulativeSum by host | timechart values(cumulativeSum) by host

Here it should show ,for aug1 cumulative sum is 8,for Aug2 ->19 .... aug31-->208.
Here in my case it is in a reverse order i.e., for aug1 its showing 208 and for aug31 it is 8.How this can be solved?

Thank You

Tags (1)
0 Karma
Reply

somesoni2
Revered Legend
‎09-16-2013 04:20 AM

Please include "|sort date_mday" or "|sort _time" before performing streamstats.

Reply

shreeCS
New Member
‎09-16-2013 04:24 AM

Hi somesoni2,

thank you for the solution and i also come up with the solution where i included "reverse" in the query i.e., sourcetype="abc" | reverse |.....

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...