Solved: How to calculate multiple fields total count?

Min1025 · ‎06-19-2018

I have following fileds, I want to calculate the total f count: (count(f1)+count(f2)+count(f3)+count(f4))=3+3+2+1=9. How can I get the total result 9?

fl=1, f2=3, f3=5
f1=2, f2=2
f1=2, f2=3, f3=3, f4=1

renjith_nair · ‎06-19-2018

Hi @Min1025,

If you have only these fields as output, you could try

your search|fields "f1,f2,e.t.c." |stats count(*) as *|addtotals

Reference : https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Addtotals

---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

renjith_nair · ‎06-19-2018

Hi @Min1025,

If you have only these fields as output, you could try

your search|fields "f1,f2,e.t.c." |stats count(*) as *|addtotals

Reference : https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Addtotals

---
What goes around comes around. If it helps, hit it with Karma 🙂

Min1025 · ‎06-19-2018

Thank you, it works.

How to calculate multiple fields total count?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Painting a Clearer Picture: Creating Cross-Domain Visibility with AI Canvas

Analytics Workspace deprecation

Splunk Developer Day Recap: Building, Publishing, and Growing on the Splunk Platform

Join the Conversation