Splunk Search
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I sum like fields from like events and show results?

tchampagne
New Member
‎11-26-2014 07:39 AM

I have a search that extracts the events and fields that I want. I want to sum the fields in like events. Here is a sample of the data that I have:
Events | Field1 | Field2
-------------------------------------
event1 | 6 | 2
event2 | 3 | 1
event1 | 2 | 4
event2 | 1 | 2
event2 | 5 | 2
event3 | 8 | 3

I would like to end up with the following:
Events | Field1 | Field2
-------------------------------------
event1 | 8 | 6
event2 | 9 | 5
event3 | 8 | 3

Is this possible? Any clues?

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎11-26-2014 08:04 AM

Try this

<your search> | stats sum(Field1) as Sum1, sum(Field2) as Sum2 by Events | table Events Sum1 Sum2
---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎11-26-2014 08:04 AM

Try this

<your search> | stats sum(Field1) as Sum1, sum(Field2) as Sum2 by Events | table Events Sum1 Sum2
---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureThursday, March 27, 2025  |  11AM PST / 2PM EST | Register NowStep boldly ...

Splunk AppDynamics with Cisco Secure Application

Web applications unfortunately present a target rich environment for security vulnerabilities and attacks. ...
Top