Re: If I have one field with 3 distinct values, ho...

iurafamss · ‎12-23-2014

Hi guys,

I have the following situation.

One field that can have three distinct values and I need sum two values as a unique value and the other must have the its own value. Sample:

Field: Teste
Values: F, J, Y

Would be: Value1= sum(F+J) and Value2= sum(Y)

Any idea how I can do this ?

Regards

alacercogitatus · ‎12-23-2014

Maybe something like this:

<your_base_search> | stats sum(eval(F+J)) as Value1 sum(Y) as Value2

alacercogitatus · ‎12-23-2014

On second thought, that won't work. Also - when you have F,J, Y as distinct values is it:

Teste = "F,J,Y"

OR

Teste = F
Teste = J
Teste = Y

jayannah · ‎12-23-2014

Here you go... i tried the below command, the field newval will be 25

|  eval Teste="10,15,60" | makemv delim="," Teste | eval val1=mvindex(Teste,0) | eval val2=mvindex(Teste,1) | eval newval=val1+val2

you can make changes as per your index..

Note: to get the last value (60 in the above example) you can use mvindex(Teste, -1)

let me know if you need any help

If I have one field with 3 distinct values, how to sum 2 of the values as a unique value and the 3rd value on its own?