Solved: How to sum values from Splunk log data?

pk555 · ‎08-12-2018

My Splunk log is coming in this format:

\"amountLabel\":\"Amount\",\"amountValue\":\"6000.00\",\"sentOrDepositLabel\".......

I want to sum the values of 'amountValue' field and show it in a table for a specified period of time. Please let me know how can I do it.

kthammireddygar · ‎08-13-2018

First extract the amountValue field.

SearchString: index=foo sourcetype=xyz ....|timechart span=1h sum(amountValue) AS TotalSum

hope this helps

kthammireddygar · ‎08-13-2018

First extract the amountValue field.

SearchString: index=foo sourcetype=xyz ....|timechart span=1h sum(amountValue) AS TotalSum

hope this helps

HiroshiSatoh · ‎08-13-2018

Aggregation uses stats.

| stats sum(amountValue)

If you extract the field with the search sentence

| extract pairdelim=",", kvdelim=":"
| stats sum(amountValue)

How to sum values from Splunk log data?