- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Pivot 201: Sum of amount for each department using...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have gone over Splunk's tutorial to create Pivot tables. Now that I know the process,
I would appreciate some direction on how to effectively summarize totals by department ID.
Here is a simple water down sample of my input data:
ID Amount
g0001 20000
g0002 10000
g0001 20000
g0003 20000
g0001 10000
g0004 20000
....
The pivot should provide the following (ID will be on x axis and Total Amount on the y axis for a bar chart):
ID Total Amount
g0001 50000
g0002 10000
g0003 20000
g0004 20000
Splunk requires:
1. tutorialdata.zip to create the pivot data model
2. Prices.csv.zip to create the pivot lookup data
How does Splunk data files translates to my input data?
Is the tutorialdata.zip equivalent to my input data shown above?
Does Splunk require to create from my input data shown above something equivalent to Prices.csv.zip for the Lookup data?
When creating a pivot table, I select "ID" under the split Rows and Count under column values which displays the following result:
ID Count
g0001 3
g0002 1
g0003 1
g0004 1
When creating a pivot table, I select "ID" under the split Rows and Sum for Amount under column values which displays the following result (the sum for Amount shows as blank):
ID Sum
g0001
g0002
g0003
g0004
I would appreciate any comments. Thanks!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I ran multiple test using Sample data from Buttercup Games under Excel and was able to compare it to Splunk and see what it was doing. I also found that the Amount I was using included $, so I changed the input data and now it works!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I ran multiple test using Sample data from Buttercup Games under Excel and was able to compare it to Splunk and see what it was doing. I also found that the Amount I was using included $, so I changed the input data and now it works!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I found that the Amount was including $, so I changed the format in the Lookup input and recreated the Lookup table.
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
