Hi @Newser703
you can try eventstats it should give you the output you are looking for
| makeresults |eval Name="Name1",Type="TypeA",Value=2
|append[|makeresults |eval Name="Name1",Type="TypeB",Value=4]
|append[|makeresults |eval Name="Name1",Type="TypeC",Value=6]
|append[|makeresults |eval Name="Name2",Type="TypeA",Value=4]
|append[|makeresults |eval Name="Name2",Type="TypeB",Value=8]
|append[|makeresults |eval Name="Name2",Type="TypeC",Value=3]
|append[|makeresults |eval Name="Name3",Type="TypeA",Value=1]
|append[|makeresults |eval Name="Name3",Type="TypeB",Value=5]
|append[|makeresults |eval Name="Name3",Type="TypeC",Value=7]
|eventstats sum(Value) AS SumbyName by Name |fields - _time
If it helps karma is appreciated/if it resolves acceptance as solution is appreciated
Hi @Newser703
you can try eventstats it should give you the output you are looking for
| makeresults |eval Name="Name1",Type="TypeA",Value=2
|append[|makeresults |eval Name="Name1",Type="TypeB",Value=4]
|append[|makeresults |eval Name="Name1",Type="TypeC",Value=6]
|append[|makeresults |eval Name="Name2",Type="TypeA",Value=4]
|append[|makeresults |eval Name="Name2",Type="TypeB",Value=8]
|append[|makeresults |eval Name="Name2",Type="TypeC",Value=3]
|append[|makeresults |eval Name="Name3",Type="TypeA",Value=1]
|append[|makeresults |eval Name="Name3",Type="TypeB",Value=5]
|append[|makeresults |eval Name="Name3",Type="TypeC",Value=7]
|eventstats sum(Value) AS SumbyName by Name |fields - _time
If it helps karma is appreciated/if it resolves acceptance as solution is appreciated
