Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to add Total grouped by a field ?

zacksoft
Contributor
‎01-02-2018 01:49 AM

My table output gives me values in two columns . Column 1 gives different user name, Column 2 gives transaction time.
Column 1 contains user ids (repeated many time over differenr transactions).

I want to find what the transaction time ordered by user name.
Is it possible to achieve ?

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

mayurr98
Super Champion
‎01-02-2018 02:34 AM

hey zacksoft
Try below query:

your_base_query | rename "Transaction Time" as transaction_time | stats sum(transaction_time) as transaction_time by User

Let me know if this helps you!

View solution in original post

0 Karma
Reply
Solved! Jump to solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎01-02-2018 02:35 AM

Hi

Are you looking for like this?

YOUR_SEARCH | table User "Transaction Time" | stats sum("Transaction Time")  by User

Thanks
Kamlesh

0 Karma
Reply
Solved! Jump to solution
Solution

mayurr98
Super Champion
‎01-02-2018 02:34 AM

hey zacksoft
Try below query:

your_base_query | rename "Transaction Time" as transaction_time | stats sum(transaction_time) as transaction_time by User

Let me know if this helps you!

0 Karma
Reply
Solved! Jump to solution

493669
Super Champion
‎01-02-2018 02:29 AM

Can you try below 

...| table Transactiontime user|stats sum(Transactiontime) by user
0 Karma
Reply
Solved! Jump to solution

mayurr98
Super Champion
‎01-02-2018 02:08 AM

its possible to achieve. Can you pls elaborate more on what do you want exactly by providing sample input and output values?

0 Karma
Reply
Solved! Jump to solution

zacksoft
Contributor
‎01-02-2018 02:21 AM

User Transaction Time
Tom 15
Pean 14
Harry 12
Tom 15
Bob 11
John 19
Pean 10

Above is the sample input in tabular format.
I want to see Transaction time ordered by user.
like this
Tom 30
Penn 24
etc ....

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...