Solved: How to convert multiples data field using xyseries...

Ashwini008 · ‎06-06-2022

Hi,

My data is in below format

I am trying to add the total of all the columns and show it as below

Please help me on how can i achieve this and also i am trying to sort by rename 1 2 as JAN FEB so on but after renaming it is sorting by alphabetical order. How can i sort based on month wise?

PickleRick · ‎06-06-2022

1. Use addttotals. Since you probably don't want totals column-wise, use col=false

2. At the end of your search (after rename and all calculations), add

| table CURRENCY Jan Feb [...] Total

View solution in original post

ITWhisperer · ‎06-06-2022

Depending on the number of rows you have, transpose might be another solution

| transpose 0 header_field=CURRENCY column_name=CURRENCY
| sort 0 CURRENCY
| eval CURRENCY=strftime(strptime("2022-".CURRENCY."-1","%Y-%m-%d"),"%b")
| transpose 0 header_field=CURRENCY column_name=CURRENCY
| addtotals col=f

PickleRick · ‎06-06-2022

1. Use addttotals. Since you probably don't want totals column-wise, use col=false

2. At the end of your search (after rename and all calculations), add

| table CURRENCY Jan Feb [...] Total

Ashwini008 · ‎06-06-2022

@PickleRick Thank You, it worked fine.

Could you please help me with one more solution

I am appending the 3 results and now how do i add the total of 3 results.

PickleRick · ‎06-07-2022

Now you do need the column-wise totals. So just do col=true (or don't specify it at all - true is the default setting if I remember correctly)

How to convert multiples data field using xyseries and sort data Month wise?

fields

lookup

stats

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!