Solved: How to get the sum of multiple rows based on a dif...

dwear · ‎06-17-2016

I have a CSV with 3 columns; Username, AD group, Logins (Logins being total number of logins for that user). I want to sum the number of total logins per Active Directory group. I started with:

|stats(count) by group

But that just gives me the number of times each group appears in the CSV (which generally equals the number of users in that group). How do I make it sum Logins per AD Group?

Any help is appreciated.

somesoni2 · ‎06-17-2016

Use this. Your question describe the solution

How do I make it sum Logins per AD Group?

your base search | stats sum(Logins) as count by group

View solution in original post

somesoni2 · ‎06-17-2016

Use this. Your question describe the solution

How do I make it sum Logins per AD Group?

your base search | stats sum(Logins) as count by group

dwear · ‎06-17-2016

Thanks. The "as count" is what I was missing I guess.

How to get the sum of multiple rows based on a different column?

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Join the Conversation

How to get the sum of multiple rows based on a different column?

Index This | What is broken 80% of the time by February?

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Splunk MCP & Agentic AI: Machine Data Without Limits