Re: How to combine same Field1 values and sum corr...

krb · ‎07-24-2014

Hello,

This is difficult to explain, however, what I am trying to do is take the following:
(field 1=Name, Field 2=Quantity)
Field 1 - 1000 different names
Field 2 - Quantity of times Field 1 is used

Result -
I would like To combine similar names in field 1 and take the field 2 results which correspond with those names and have them listed.

So example: Field 1 = names Field 2 = Quantity 00 Final results - Combined Names = Total Quantity

Blockquote

Field 1 =Name Field 2 = #

Frog Legs 20

Frog Legs 250

Frog Legs 120
Eyeballs 50
Eyeballs 20
Eyeballs 70

Results: Field 1 = Name Field 2= Total Sum

Frog Legs 390
Eyeballs 140

Blockquote

Sorry for the awful formatting

strive · ‎07-24-2014

Try this

Your base search | stats sum(Quantity) as "Total Sum" by Name

somesoni2 · ‎08-25-2014

It would be helpful if you provide the sample logs and expected output fields/format.

strive · ‎08-24-2014

In your example you did not give time column.

Try this
Your base search | stats sum(Quantity) as "Total Sum" by _time, Name

After that you sort it in whatever order you need

krb · ‎08-24-2014

Hello, thank you for your help. I think i have that part figure'd out now thanks to your help, but i want to |sort_time and the times are not showing up. I'm thinking it's because it's grouping things together.

How to combine same Field1 values and sum corresponding Field2 numeric values?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor