Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Groups in stats command: How to get the sum of multiple fields by a field?

splunkuser320
Path Finder
‎02-15-2023 07:37 AM

I am trying to create a query to get the sum of multiple fields by a field. 

 

index="*****"
|stats sum(field_A) as  A by field_C,sum(field_B) as B  by field_C

| table field_C, field_A,field_B

 

This query is giving error. 

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
Esteemed Legend
‎02-15-2023 07:52 AM

Hi @splunkuser320,

you cannot use two BY clauses in a stats command, please try this:

index="*****"
| stats sum(field_A) AS field_A sum(field_B) AS field_B BY field_C

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution

splunkuser320
Path Finder
‎02-15-2023 07:56 AM

Thanks for quick help 

0 Karma
Reply
Solved! Jump to solution
Solution

gcusello
Esteemed Legend
‎02-15-2023 07:52 AM

Hi @splunkuser320,

you cannot use two BY clauses in a stats command, please try this:

index="*****"
| stats sum(field_A) AS field_A sum(field_B) AS field_B BY field_C

Ciao.

Giuseppe

Reply
Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of the streaming infrastructure for Splunk APM and Splunk RUM in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...