Solved: How do you calculate the totals of each table row ...

johnward4 · ‎01-03-2019

How do you calculate the totals of each single row of a table and display that value in a new fields, much like addcoltotals but for rows?

richgalloway · ‎01-03-2019

Use eval.

index=foo | eval total=field1 + field2 + field3 | table field1, field2, field3, total

You can also use foreach if you don't want to add the fields yourself.

index=foo | fields - _time | eval total=0 | foreach * [eval total=total+<<FIELD>>] | table *

---
If this reply helps you, Karma would be appreciated.

View solution in original post

jotne · ‎10-30-2023

You can use the command addtotals totals for rows.

| makeresults
| eval mon=10, tue=23, wen=12, thu=2, fri=15
| addtotals

You get a new field with name Total with value 62

vikas_baranwal · ‎01-17-2019

Hi John,

I hope you must have got the answer but just for addition,

You can also use addtotals in the last of your SPL so it will add a new column named "Total" as last of the columns. and for each row as a result, it will be sum of numeric values of every column in the table.

Thanks

richgalloway · ‎01-03-2019

Use eval.

index=foo | eval total=field1 + field2 + field3 | table field1, field2, field3, total

You can also use foreach if you don't want to add the fields yourself.

index=foo | fields - _time | eval total=0 | foreach * [eval total=total+<<FIELD>>] | table *

---
If this reply helps you, Karma would be appreciated.

How do you calculate the totals of each table row and display those values as new fields?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!