Splunk Search

How to get sum of all the results

dpdwibedy
Explorer

Hi All,

I'm using a query to get the total count of a field (different error messages).
Here is the search and stats being displayed:

 

index=sp_dev  "ProductHandler" | rex field=message "operation\\\":\\\"(?<ErrorMessage>[A-Za-z]+)\\\""| stats count by ErrorMessage

ErrorMessage          Count
ProductNotFound       10
DuplicateProduct      36
InvalidProductCode    18

 

I want the total number of these 3 error messages as TotalErrors.

Thanks,

DD

0 Karma
isoutamo
SplunkTrust

Hi

Add the next line to the end of your query

| addcoltotals labelfield=ErrorMessage Count

r. Ismo

0 Karma

dpdwibedy
Explorer

@isoutamo: I am seeing the same result as mine.

I want only one column with the count.

 

TotalError     

40

0 Karma

isoutamo
SplunkTrust

Then the best option is to add this to the end (w/o addcoltotals)

| stats sum(Count) as TotalError

r. Ismo

0 Karma

dpdwibedy
Explorer

Thanks! That worked.

0 Karma
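
An added example, not part of the original thread: a self-contained search that reproduces the two-step aggregation on constructed data (generated with makeresults instead of the sp_dev index, with per-message counts mirroring the table in the question). Splunk field names are case-sensitive, so the first stats names its output Count explicitly; a bare `stats count by ErrorMessage` produces a field called count, which sum(Count) would not match.

```spl
| makeresults count=64
| streamstats count as n
| eval ErrorMessage=case(n<=10, "ProductNotFound", n<=46, "DuplicateProduct", true(), "InvalidProductCode")
| stats count as Count by ErrorMessage
| stats sum(Count) as TotalError
```

Removing the last line shows the per-message table; with it, the result is a single row with one TotalError column.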