Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to add counts and sum from different fields

amal1234
Engager
‎07-16-2019 04:07 AM

Hi,

New to Splunk and still trying to get to grips with it. I am trying to present a single table with the following coloumns:
- a list of Services
- a count of these services
- add up all the numbers of a specific field (NumberOfCalls) for each of these services

This is the query I am running:

*Base Query*
| stats count by Service NumberOfCalls

This outputs the following, which is counting the NumberOfCalls - not the Service so there are duplicate Services:

Service NumberOfCalls   count
UAT2        1           2
UAT6        1           5
UAT6        4           2

What is should look like it this (counting the service and adding all the NumberOfCalls per service)

Service NumberOfCalls   count
UAT2        2           2
UAT6        13          7

I know the search query is very basic but I have tried numerous variations, and all are wrong.

Any suggestions please on how I can get this to work? Hope it all makes sense!

Thanks,
AM

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎07-16-2019 05:52 AM

Try *Base Query* | stats count, sum(NumberOfCalls) as NumberOfCalls by Service.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎07-16-2019 05:52 AM

Try *Base Query* | stats count, sum(NumberOfCalls) as NumberOfCalls by Service.

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

amal1234
Engager
‎07-19-2019 05:34 AM

Thanks. Such a simple solution, I almost feel silly asking!

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...