Solved: How to add a new row to my table that add the coun...

avi7326 · ‎08-30-2023

I want to add three fields insert ,update and error then subtract it from count_carmen and add new row .

ITWhisperer · ‎08-31-2023

You could add this line if you want the total

| eval total=inserts+updates+errors

View solution in original post

ITWhisperer · ‎08-30-2023

| addcoltotals count_carmen inserts updates errors
| eval count_carmen=if(isnull(_time),count_carmen-inserts-updates-errors,count_carmen)
| eval inserts=if(isnull(_time),null(),inserts)
| eval updates=if(isnull(_time),null(),updates)
| eval errors=if(isnull(_time),null(),errors)

avi7326 · ‎08-31-2023

It is giving me a new column and row what if I only wants a column of field name difference.

ITWhisperer · ‎08-31-2023

You literally said "add new row"!

If you just want the difference, try this

| eval difference=count_carmen-inserts-updates-errors

avi7326 · ‎08-31-2023

It is giving a wrong count. I want to add the insert+update+error. Then subtract it from count_carmen.

ITWhisperer · ‎08-31-2023

You could add this line if you want the total

| eval total=inserts+updates+errors

ITWhisperer · ‎08-31-2023

Remove these lines (they were only required when you had the extra row (that you originally asked for)

| eval inserts=if(isnull(_time),null(),inserts)
| eval updates=if(isnull(_time),null(),updates)
| eval errors=if(isnull(_time),null(),errors)

How to add a new row to my table that add the counts of three fields and subtract from another field?

eval

Developer Spotlight with Brett Adams

Index This | What can you do to make 55,555 equal 500?

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...