Solved: How to add counts and sum from different fields

amal1234 · ‎07-16-2019

Hi,

New to Splunk and still trying to get to grips with it. I am trying to present a single table with the following coloumns:
- a list of Services
- a count of these services
- add up all the numbers of a specific field (NumberOfCalls) for each of these services

This is the query I am running:

*Base Query*
| stats count by Service NumberOfCalls

This outputs the following, which is counting the NumberOfCalls - not the Service so there are duplicate Services:

Service NumberOfCalls   count
UAT2        1           2
UAT6        1           5
UAT6        4           2

What is should look like it this (counting the service and adding all the NumberOfCalls per service)

Service NumberOfCalls   count
UAT2        2           2
UAT6        13          7

I know the search query is very basic but I have tried numerous variations, and all are wrong.

Any suggestions please on how I can get this to work? Hope it all makes sense!

Thanks,
AM

richgalloway · ‎07-16-2019

Try *Base Query* | stats count, sum(NumberOfCalls) as NumberOfCalls by Service.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎07-16-2019

Try *Base Query* | stats count, sum(NumberOfCalls) as NumberOfCalls by Service.

---
If this reply helps you, Karma would be appreciated.

amal1234 · ‎07-19-2019

Thanks. Such a simple solution, I almost feel silly asking!

How to add counts and sum from different fields

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!