How to sum all the Latest events for the specific ...

Boopalan · ‎07-08-2020

How to sum all the Latest events for the specific field

Example:

Raw data of the event:

Client=XXXXX,CreationTime=3/19/2020 9:09:36 AM,Version=08_07,NumberOfRequests=1,LastRequestTime=3/19/2020 9:09:36 AM,InactiveTimeSpan=0.7 minutes
Client=XXXXX,CreationTime=3/19/2020 9:08:50 AM,Version=08_07,NumberOfRequests=46,LastRequestTime=3/19/2020 9:10:17 AM,InactiveTimeSpan=0.0 minutes
Client=XXXXX,CreationTime=3/19/2020 9:09:56 AM,Version=08_07,NumberOfRequests=2,LastRequestTime=3/19/2020 9:10:13 AM,InactiveTimeSpan=0.1 minutes

Splunk Query Used:

index=mds sourcetype=logs host =xxx AND NumberOfRequests | rex field=_raw max_match=0 ",NumberOfRequests=(?P<my_requests>\d+),"| mvexpand my_requests | stats sparkline(sum(my_requests)) as Trend sum(my_requests) as Total, avg(my_requests) as Avg, max(my_requests) as Peak, latest(NumberOfRequests) as Current , latest(_time) as "Last Updated" by host | convert ctime("Last Updated")

As provided in the example there are 3 numberofrequests present in single event, lets say same kind of events with different values in numberofrequests

I want to a field which have sum of numberofrequests of latest event

Please suggest

How to sum all the Latest events for the specific field

eval

regex

stats

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

Video | Tom’s Smartness Journey Continues

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?