Splunk Search

How to combine same Field1 values and sum corresponding Field2 numeric values?

New Member

Hello,

This is difficult to explain, however, what I am trying to do is take the following:
(field 1=Name, Field 2=Quantity)
Field 1 - 1000 different names
Field 2 - Quantity of times Field 1 is used

Result -
I would like to combine similar names in field 1 and take the field 2 results which correspond with those names and have them listed.

So example: Field 1 = names Field 2 = Quantity 00 Final results - Combined Names = Total Quantity

Field 1 = Name, Field 2 = #

Frog Legs 20
Frog Legs 250
Frog Legs 120
Eyeballs 50
Eyeballs 20
Eyeballs 70

Results: Field 1 = Name, Field 2 = Total Sum

Frog Legs 390
Eyeballs 140

Sorry for the awful formatting

0 Karma

Re: How to combine same Field1 values and sum corresponding Field2 numeric values?

Influencer

Try this

Your base search | stats sum(Quantity) as "Total Sum" by Name

Re: How to combine same Field1 values and sum corresponding Field2 numeric values?

New Member

Hello, thank you for your help. I think I have that part figured out now thanks to your help, but I want to |sort_time and the times are not showing up. I'm thinking it's because it's grouping things together.

0 Karma

Re: How to combine same Field1 values and sum corresponding Field2 numeric values?

Influencer

In your example you did not give a time column.

Try this
Your base search | stats sum(Quantity) as "Total Sum" by _time, Name

After that you sort it in whatever order you need.

0 Karma
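A run-anywhere search for the exchange above, added here as an example and not part of either poster's answer: it rebuilds the question's six rows with makeresults and keeps a sortable time per Name by aggregating _time inside stats, so each Name still collapses to one row. The timestamps (ten minutes apart from midnight today), the helper field n, and the output names first_seen and last_seen are constructed for the illustration.

```spl
| makeresults count=6
| streamstats count AS n
| eval Name=if(n<=3, "Frog Legs", "Eyeballs")
| eval Quantity=case(n=1, 20, n=2, 250, n=3, 120, n=4, 50, n=5, 20, n=6, 70)
| eval _time=relative_time(now(), "@d") + n*600
| stats sum(Quantity) AS "Total Sum" min(_time) AS first_seen max(_time) AS last_seen BY Name
| sort - last_seen
| fieldformat first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S")
| fieldformat last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
```

This returns Eyeballs 140 and Frog Legs 390, each with its first and last timestamp. To total per time window instead, replace the stats line with `| bin _time span=1h | stats sum(Quantity) AS "Total Sum" BY _time, Name`, which on this sample gives Frog Legs 390 and Eyeballs 70 in the 00:00 bucket and Eyeballs 70 in the 01:00 bucket.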

Re: How to combine same Field1 values and sum corresponding Field2 numeric values?

SplunkTrust

It would be helpful if you provide the sample logs and expected output fields/format.

0 Karma