Solved: How to add the values of a column and show the res...

vrmandadi · ‎02-25-2016

Hello Expebrts,

I am trying to add the values of a column and show the result in another field, but I am not able to generate it.

Example:

index=abc |stats count by name

Current Output:
a_req 4
a_resp 2
b_req 5
b_resp 5

Desired Output:
a 6

b 10

It should add a_req and a_resp and show a result in new column with the aggregate values

richgalloway · ‎02-25-2016

The current search is counting name. If you want to count by a different field, you have to specify that field (and create it, if necessary). Try this:

index=abc | rex field=name "(?<aggrName>\w+)_" | stats count by aggrName

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎02-25-2016

The current search is counting name. If you want to count by a different field, you have to specify that field (and create it, if necessary). Try this:

index=abc | rex field=name "(?<aggrName>\w+)_" | stats count by aggrName

---
If this reply helps you, Karma would be appreciated.

vrmandadi · ‎02-25-2016

Thanks richgalloway

How to add the values of a column and show the result as a separate field?

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services