Splunk Search

How to sum 2 rows in a table?

niddhi
Explorer

Hi,

In the logs i am analyzing, one of the field's value has changed (change is from '-' to '_'). For example if it was A-1 before, now its A_1. The rest of the entries are as is. So my table looks something like this:

category            error         exception
    A-1                5              0
    A_1                2              1
    B-1                3              0

I want to combine A-1 and A_1 as single row and the output should be something like:

category      error    exception
    A-1         7            1
    B-1         3            0

Any pointers are appreciated.

Thanks!

0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

Try adding | replace "_" with "-" in category before your stats command.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Try adding | replace "_" with "-" in category before your stats command.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

0 Karma

niddhi
Explorer

Thanks, replace worked. The mentioned syntax didn't work exactly, but it worked in this format:
eval category = replace(category, "A_1", "A-1").Thanks so much, you saved the day!!

0 Karma