Solved: How to get the sum of multiple rows based on a dif...

dwear · ‎06-17-2016

I have a CSV with 3 columns; Username, AD group, Logins (Logins being total number of logins for that user). I want to sum the number of total logins per Active Directory group. I started with:

|stats(count) by group

But that just gives me the number of times each group appears in the CSV (which generally equals the number of users in that group). How do I make it sum Logins per AD Group?

Any help is appreciated.

somesoni2 · ‎06-17-2016

Use this. Your question describe the solution

How do I make it sum Logins per AD Group?

your base search | stats sum(Logins) as count by group

View solution in original post

somesoni2 · ‎06-17-2016

Use this. Your question describe the solution

How do I make it sum Logins per AD Group?

your base search | stats sum(Logins) as count by group

dwear · ‎06-17-2016

Thanks. The "as count" is what I was missing I guess.

How to get the sum of multiple rows based on a different column?

Shape the Future of Splunk: Join the Product Research Lab!

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Are you a member of the Splunk Community?

How to get the sum of multiple rows based on a different column?

Shape the Future of Splunk: Join the Product Research Lab!

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions