Solved: How to Combine similar fields?

din98 · ‎07-05-2022

Hey all,

I have a summary table that shows these values and there are also some common values.

Process	Error	Success	Total
A	5	5	10
B	6	9	15
A	7	2	9
C	3	8	11
C	1	3	4
B	5	5	10

I want to combine these common values (under Process) and also add the numerical values together. I am hoping for a result like this in my summary table.

Process	Error	Success	Total
A	12	7	19
B	11	14	25
C	4	11	15

Any help would be much appreciated. Thanks!

danielcj · ‎07-05-2022

Hello @din98 ,

Please try the following (assuming that your results are already on a table):

| stats sum(Error) as Error, sum(Success) as Success by Process
| addtotals

View solution in original post

din98 · ‎07-05-2022

Thanks guys! I generated the results successfully 🙂

ITWhisperer · ‎07-05-2022

| stats sum(*) as * by Process

danielcj · ‎07-05-2022

Hello @din98 ,

Please try the following (assuming that your results are already on a table):

| stats sum(Error) as Error, sum(Success) as Success by Process
| addtotals

How to Combine similar fields?

count

eval

fields

join

stats

table

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

How to find the worst searches in your Splunk environment and how to fix them

Share Your Feedback: On Admin Config Service (ACS)!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

Join the Conversation

How to Combine similar fields?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.