Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Group data 'n' rows at a time

nikita012
New Member
‎04-04-2019 04:03 AM

I have 40 rows in my data with fields Date, Total. I want to add the values of Total for each 5 days. How can I group data 5 rows at a time?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

renjith_nair
Legend
‎04-04-2019 07:00 AM

@nikita012,

Try this,

"your current search"
|streamstats count as rowno|eval _fives=if((rowno-1)%5==0,1,0)
|accum _fives as group|eventstats sum(total) by group

you may replace eventstats with stats if you do not want other fields

---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

Reply
Solved! Jump to solution
Solution

renjith_nair
Legend
‎04-04-2019 07:00 AM

@nikita012,

Try this,

"your current search"
|streamstats count as rowno|eval _fives=if((rowno-1)%5==0,1,0)
|accum _fives as group|eventstats sum(total) by group

you may replace eventstats with stats if you do not want other fields

---
What goes around comes around. If it helps, hit it with Karma 🙂
Reply
Get Updates on the Splunk Community!

SOCin’ it to you at Splunk University

Splunk University is expanding its instructor-led learning portfolio with dedicated Security tracks at .conf25 ...

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Organizations handling credit card transactions know that PCI DSS compliance is both critical and complex. The ...

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

What are Community Office Hours?Community Office Hours is an interactive 60-minute Zoom series where ...