Are you a member of the Splunk Community?
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to combine stats count results?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have this string and I want the output for this result to be combined on one line and also sum the results
index="grade-stat" host ="student" source="exam"|
eval Result=case(match(_raw,"Pass"),"Result Successful",
match(_raw,"Fail"),"Result failed" ) | stats count by Grade, Result
**current output
Grade-A Result Successful 125675
Grade-A Result failed 4004
Grade-B Result Successful 145134
Grade-B Result failed 2695
***desired result
Grade-A Result Successful 125675 Result failed 4004 total= 129679
Grade-B Result Successful 145134 Result failed 2695 total= 147824
What I need is the output to be on same line instead 2 lines for each grade, and if possible, to sum the success and failed count.
thanks,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Would something like this work for you?
index="grade-stat" host="student" source="exam"
| stats count(eval(_raw LIKE "%Pass%")) as "Result Successful" , count(eval(_raw LIKE "%Fail%")) as "Result failed" by Grade
| addtotals
That would give you something like this:
Grade Result Success Result Failed Total
A 125675 4004 129679
B 145134 2695 147829
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Would something like this work for you?
index="grade-stat" host="student" source="exam"
| stats count(eval(_raw LIKE "%Pass%")) as "Result Successful" , count(eval(_raw LIKE "%Fail%")) as "Result failed" by Grade
| addtotals
That would give you something like this:
Grade Result Success Result Failed Total
A 125675 4004 129679
B 145134 2695 147829
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
working perfectly, thanks you so very much.
Fastest way to demo Observability
September Community Champions: A Shoutout to Our Contributors!
Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps
