Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create fields dynamically

wolfgangs
Engager
‎12-20-2021 06:22 AM

Hi,
I have events which contain 3 Fields: "StartDate", "Value_per_month" and "Nr_of_Month". They basically disclose some monthly financial flow which beginns at "StartDate" and ends after "Nr_of_Month".
The goal is to show a sum of "Value_per_month" for each month over all events.

In most cases the dates are in the future, so it will be a bit tricky to get this to work. However, at least a table view would be great and use some basic vizualisation on top. I thought I could create fields for each month, for example "value_yyyy-mm" and assign the value to each and then sum up the values in each field accross all events.
However I have not found a way to do this dynamically in a loop for X times, based on variable "Nr_of_Month".
I have checked combinations of eval, makeresults, foreach, gentimes, etc.

Any basic idea how to approach this would be welcome.
Many thanks in advance

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎12-20-2021 09:39 AM

Can you give some sample events showing the issues you are dealing with?

0 Karma
Reply

wolfgangs
Engager
‎12-20-2021 11:44 AM

of course an example might tell more than a page of explanation, sorry for not adding initially 😉
imagine several contracts with monthly payment, one contract per event. First one runs for 6 month, second for 4 month

 StartDateValue of MonthNr_of month
event 15th Dec 20213.56
event 28th Jan 20221.54

 

my thoughts to add fields:

 2021-122022-012022-022022-032022-042022-05
event 13.53.53.53.53.53.5
event 2not existing1.51.51.51.5not existing

 

expected result:
I would like to see the payment to expect each month

Monthsum of Value
2021-123.5
2022-015
2022-025
2022-035
2022-045
2022-053.5

 

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...