Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to sum a field with a 'by' clause in pivot UI?

mjones414
Contributor
‎08-20-2014 01:43 PM

index=_internal per_sourcetype_thruput series!=splunkd | eval gb=kb/1024/1024 | timechart span=1d useother=f sum(gb) by series

So I have a created a root datamodel of index=_internal source=/opt/splunk/var/log/splunk/metrics.log*

and a child object of per_sourcetype_thruput series!=splunkd

and an eval field for gb that is kb/1024/1024

I'm getting the right fields, but for the field gb field I have no sum function with or without putting a by clause split. What do I have to do to sum a field with a by clause in pivot UI?

Tags (4)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎08-21-2014 12:44 AM

Make sure you set the type of that field to Number rather than String.

0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...