Hi, I have table below
then I need to grouping field and need to eval (+ )the value become below table
Help please..🙏
1 Solution
@b1211ry - You can try adding the below lines at the bottom of your search:
| appendpipe [| rename Application as Common_ProcessName, count_application as count_process]
| stats sum(count_process) as count_process by Common_ProcessName
Here my test example query:
| makeresults
| eval Common_ProcessName="Excel", count_process=1, Application="Outlook", count_application=2
| append [| makeresults | eval Common_ProcessName="Outlook", count_process=1]
| fields - _time
| appendpipe [| rename Application as Common_ProcessName, count_application as count_process]
| stats sum(count_process) as count_process by Common_ProcessName
Consider accepting/upvoting answer if this helps!!!
@b1211ry - You can try adding the below lines at the bottom of your search:
| appendpipe [| rename Application as Common_ProcessName, count_application as count_process]
| stats sum(count_process) as count_process by Common_ProcessName
Here my test example query:
| makeresults
| eval Common_ProcessName="Excel", count_process=1, Application="Outlook", count_application=2
| append [| makeresults | eval Common_ProcessName="Outlook", count_process=1]
| fields - _time
| appendpipe [| rename Application as Common_ProcessName, count_application as count_process]
| stats sum(count_process) as count_process by Common_ProcessName
Consider accepting/upvoting answer if this helps!!!
