Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How can I modify the search to show only the host_name and the sum total of the avg_kWh column?

mallaht
Loves-to-Learn
‎09-02-2022 04:34 AM

I have borrowed a search from an earlier question to help give kWh information on a given month. How can I modify the search to show only the host_name and the sum total of the avg_kWh column?

index=network sourcetype=zabbix metric_name="st4InputCordActivePower" host_name="pdu02.LON5.Contoso.com"
| bin _time span=1h
| stats count as samples sum(value) as watt_sum by _time
| eval kW_Sum=watt_sum/1000
| eval avg_kWh=kW_Sum/samples
| addcoltotals

 

2022-05-30 18:00 12 44335.0 3.69458 44.3350
....        
2022-05-31 23:00 12 43489.0 3.62408 43.4890
  7686 27425688.0 2595.96346 27425.6880

  

Labels (2)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎09-02-2022 04:55 AM

Hi @mallaht,

please try something like this:

index=network sourcetype=zabbix metric_name="st4InputCordActivePower" host_name="pdu02.LON5.Contoso.com"
| stats count sum(value) as watt_sum by host
| eval kW_Sum=watt_sum/1000
| eval avg_kWh=kW_Sum/count
| tables host kW_Sum avg_kWh
| addcoltotals

If you ahve problems to modify this search I hint to follow the Splunk Search Tutorial (https://docs.splunk.com/Documentation/SplunkCloud/8.2.2203/SearchTutorial/WelcometotheSearchTutorial)

Ciao.

Giuseppe

0 Karma
Reply

mallaht
Loves-to-Learn
‎09-02-2022 07:07 AM

Thanks, I'll give the documentation a read.

I've changed the search to now return a single value but I can not get it to show the PDU name in the results is returns a empty field

0 Karma
Reply

mallaht
Loves-to-Learn
‎09-02-2022 07:07 AM

index=network sourcetype=databus_zenoss metric_name="st4InputCordActivePower" host_name="pdu02r102-cprod.euw11.gi-nw.viasat.io"
| bin _time span=1h
| stats count as samples sum(value) as watt_sum by _time
| eval avg_kWh=(watt_sum/1000)/samples
| eval PDU=host_name
| eventstats sum(avg_kWh) as total
| dedup total
| table PDU total

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...