Hello,
This is difficult to explain, however, what I am trying to do is take the following:
(field 1=Name, Field 2=Quantity)
Field 1 - 1000 different names
Field 2 - Quantity of times Field 1 is used
Result -
I would like to combine similar names in field 1, take the field 2 results which correspond with those names, and have them listed.
So example: Field 1 = names Field 2 = Quantity 00 Final results - Combined Names = Total Quantity
Field 1 = Name Field 2 = #
Frog Legs 20
Frog Legs 250
Frog Legs 120
Eyeballs 50
Eyeballs 20
Eyeballs 70
Results: Field 1 = Name Field 2 = Total Sum
Frog Legs 390
Eyeballs 140
Sorry for the awful formatting
Try this
Your base search | stats sum(Quantity) as "Total Sum" by Name
It would be helpful if you provide the sample logs and expected output fields/format.
In your example you did not give a time column.
Try this
Your base search | stats sum(Quantity) as "Total Sum" by _time, Name
After that you sort it in whatever order you need
Hello, thank you for your help. I think I have that part figured out now thanks to your help, but I want to | sort _time and the times are not showing up. I'm thinking it's because it's grouping things together.