Solved: How to Combine similar fields?

din98 · ‎07-05-2022

Hey all,

I have a summary table that shows these values and there are also some common values.

Process	Error	Success	Total
A	5	5	10
B	6	9	15
A	7	2	9
C	3	8	11
C	1	3	4
B	5	5	10

I want to combine these common values (under Process) and also add the numerical values together. I am hoping for a result like this in my summary table.

Process	Error	Success	Total
A	12	7	19
B	11	14	25
C	4	11	15

Any help would be much appreciated. Thanks!

danielcj · ‎07-05-2022

Hello @din98 ,

Please try the following (assuming that your results are already on a table):

| stats sum(Error) as Error, sum(Success) as Success by Process
| addtotals

View solution in original post

din98 · ‎07-05-2022

Thanks guys! I generated the results successfully 🙂

ITWhisperer · ‎07-05-2022

| stats sum(*) as * by Process

danielcj · ‎07-05-2022

Hello @din98 ,

Please try the following (assuming that your results are already on a table):

| stats sum(Error) as Error, sum(Success) as Success by Process
| addtotals

How to Combine similar fields?

count

eval

fields

join

stats

table

Routing logs with Splunk OTel Collector for Kubernetes

New This Month - Observability Updates Give Extended Visibility and Improve User ...

Intro to Splunk Synthetic Monitoring