Solved: How to add the values of a column and show the res...

vrmandadi · ‎02-25-2016

Hello Expebrts,

I am trying to add the values of a column and show the result in another field, but I am not able to generate it.

Example:

index=abc |stats count by name

Current Output:
a_req 4
a_resp 2
b_req 5
b_resp 5

Desired Output:
a 6

b 10

It should add a_req and a_resp and show a result in new column with the aggregate values

richgalloway · ‎02-25-2016

The current search is counting name. If you want to count by a different field, you have to specify that field (and create it, if necessary). Try this:

index=abc | rex field=name "(?<aggrName>\w+)_" | stats count by aggrName

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎02-25-2016

The current search is counting name. If you want to count by a different field, you have to specify that field (and create it, if necessary). Try this:

index=abc | rex field=name "(?<aggrName>\w+)_" | stats count by aggrName

---
If this reply helps you, Karma would be appreciated.

vrmandadi · ‎02-25-2016

Thanks richgalloway

How to add the values of a column and show the result as a separate field?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you a member of the Splunk Community?

How to add the values of a column and show the result as a separate field?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...