I have two fields, Deny and Monitor.
I want to draw a timechart with an added SUM field.
Can I add a SUM field?
_time  A  B        _time  A  B  SUM
0:0:0  1  2   =>   0:0:0  1  2  3
0:0:1  3  3        0:0:1  3  3  6
Use the | addtotals command.
See http://docs.splunk.com/Documentation/Splunk/5.0.1/SearchReference/Addtotals
mysearch | table _time A B | addtotals
It's very simple. Thanks.
Or, if you have a fixed list of fields, use an eval to do the sum:
mysearch | eval SUM=A+B | table _time A B SUM