Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I add the values in a single row and three columns?

Bala
Explorer
‎03-11-2022 06:15 AM

stats count(eval(searchmatch(Bala))) as A count(eval(searchmatch(kasa))) as B count(eval(searchmatch(reddy))) as C 

A B C
1 2 3

 

now i want the total of these row values as single table

 

Total
6
Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

venky1544
Builder
‎03-11-2022 06:20 AM

Hi @Bala 

use

| addtotals |fields -A,B,C  it should give you total 6

View solution in original post

0 Karma
Reply
Solved! Jump to solution

Bala
Explorer
‎03-11-2022 07:33 AM

Yes, i got the result now i want to rename the total as Failure

And also what if i want to add only the B & C column values and A keep remain same.

ABC
123

 

Result should be

ATotal (rename it as count)
15
0 Karma
Reply
Solved! Jump to solution

Bala
Explorer
‎03-11-2022 07:23 AM

Yes, i got the result now i want to rename the total as Failure

0 Karma
Reply
Solved! Jump to solution

venky1544
Builder
‎03-11-2022 07:39 AM

Hi @Bala 

Just use the rename command should work 

| addtotals |fields - A,B,C |rename Total as Failure

 

Note : PLease accept the solution if the reply worked for you it might help others as well 

0 Karma
Reply
Solved! Jump to solution

Bala
Explorer
‎03-11-2022 07:46 AM

Yes, i got the result now i want to rename the total as Failure

And also what if i want to add only the B & C column values and A keep remain same.

ABC
123

 

Result should be

ATotal (rename it as count)
15
Tags (1)
0 Karma
Reply
Solved! Jump to solution

venky1544
Builder
‎03-11-2022 07:59 AM

|makeresults |eval Name1="Bala",Name2="kasa",Name3="Reddy"
|append [|makeresults |eval Name2="kasa",Name3="Reddy"]
|append [|makeresults |eval Name3="Reddy"]|
stats count(eval(Name1="Bala")) AS A,count(eval(Name2="kasa")) AS B,count(eval(Name3="Reddy")) AS C | eval count=B+C |fields - B,C

0 Karma
Reply
Solved! Jump to solution

Bala
Explorer
‎03-11-2022 06:24 AM

| addtotals 

will give  the results by adding one more column at the table like below

ABCTotal
1236

 

but i want it as single table , i want to dispaly the total as below

Total
6

 

0 Karma
Reply
Solved! Jump to solution
Solution

venky1544
Builder
‎03-11-2022 06:20 AM

Hi @Bala 

use

| addtotals |fields -A,B,C  it should give you total 6

0 Karma
Reply
Solved! Jump to solution

venky1544
Builder
‎03-11-2022 07:24 AM

 

FYI 

venky1544_1-1647012265053.png

 

 

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...