How to add or sum values in a timechart?

sridharreddy · ‎08-09-2016

Hi Splunkers,

How to add or SUM values in timechart as shown below:

Search I used:

base search|transaction....|timechart sum(duration) as duration by stage

Below is my current output:

_time                  stage1    stage2    stage3         
2016-08-09 09:40:00      10                      
2016-08-09 09:43:00                4         1
2016-08-09 09:44:00      5         2
2016-08-09 09:48:00

Expected output:

_time                  stage1    stage2    stage3         
2016-08-09 09:40:00      15                      
2016-08-09 09:43:00                4         3
2016-08-09 09:44:00                                       
2016-08-09 09:48:00

Thanks

sundareshr · ‎08-09-2016

Try this

base search|transaction.... | eventstats latest(_time) as time by stage |chart sum(duration) as duration over time by stage

How to add or sum values in a timechart?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!