Splunk Search

How to add the field values based on the criteria

kartm2020
Communicator

I want to add the in_usage and out_usage value from the below table.

for example, I want to add in_usage with out_usage and result should be as total. Likewise for other values. can someone give ideas for this.

_timesourcestatusAvgmetric_name
11/3/2021 5:02Interface_Summary_Outout_usage16.01833333GigabitEthernet0/1
11/3/2021 5:00Interface_Summary_Inin_usage5.555GigabitEthernet0/1
11/3/2021 4:02Interface_Summary_Outout_usage17.085GigabitEthernet0/1
11/3/2021 4:00Interface_Summary_Inin_usage5.270833333GigabitEthernet0/1
11/3/2021 3:02Interface_Summary_Outout_usage17.425GigabitEthernet0/1
11/3/2021 3:00Interface_Summary_Inin_usage5.48GigabitEthernet0/1

 

Please refer the attached screenshot for you reference

Labels (2)
Tags (1)
0 Karma
1 Solution

ITWhisperer
SplunkTrust
SplunkTrust
| bin _time span=1h
| stats sum(Avg) as total by _time

View solution in original post

0 Karma

kartm2020
Communicator

Thank you. It worked. I have different hostname and metric_name. So i have added host and metric_name at the end

| bin _time span=1h
| stats sum(Avg) as total by _time host metric_name

 

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust
| bin _time span=1h
| stats sum(Avg) as total by _time
0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...