Solved: How to add a fixed value into the stats count?

sunilkumarpk · ‎04-04-2016

I am trying to have a single value panel. The search for the same is given below:

index=* host="prodserver-*" source="/var/log/some.log" "something happened" | stats count

I need to add a fixed value of 1000 to the count value. I tried to use eval and add the value to count but its not working 😞
I can add two fixed values like the one given below, but using "count" is not working.

This works:

index=* host="prodserver-*" source="/var/log/some.log" "something happened" | eval totalCount = 1 + 1000 |stats max(totalCount)

This does not work:

index=* host="prodserver-*" source="/var/log/some.log" "something happened" | eval totalCount = count + 1000 |stats max(totalCount)

I am new to Splunk so please forgive me if this is a silly question :).

somesoni2 · ‎04-05-2016

Try like this

index= host="prodserver-*" source="/var/log/some.log" "something happened" | stats count | eval count=count+1000

View solution in original post

somesoni2 · ‎04-05-2016

Try like this

index= host="prodserver-*" source="/var/log/some.log" "something happened" | stats count | eval count=count+1000

sunilkumarpk · ‎04-05-2016

that worked, thank you

ppablo · ‎04-07-2016

Hi @sunilkumarpk

Glad you found an answer through @somesoni2. Please don't forget to resolve the post by clicking "Accept" directly below his answer. Thanks!

Patrick

How to add a fixed value into the stats count?

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?