Splunk Search

## Pivot 201: Sum of amount for each department using Pivot Tables

Path Finder

I have gone over Splunk's tutorial to create Pivot tables. Now that I know the process,
I would appreciate some direction on how to effectively summarize totals by department ID.
Here is a simple water down sample of my input data:
ID Amount
g0001 20000
g0002 10000
g0001 20000
g0003 20000
g0001 10000
g0004 20000
....

The pivot should provide the following (ID will be on x axis and Total Amount on the y axis for a bar chart):
ID Total Amount
g0001 50000
g0002 10000
g0003 20000
g0004 20000

Splunk requires:
1. tutorialdata.zip to create the pivot data model

2. Prices.csv.zip to create the pivot lookup data

How does Splunk data files translates to my input data?
Is the tutorialdata.zip equivalent to my input data shown above?
Does Splunk require to create from my input data shown above something equivalent to Prices.csv.zip for the Lookup data?
When creating a pivot table, I select "ID" under the split Rows and Count under column values which displays the following result:
ID Count
g0001 3
g0002 1
g0003 1
g0004 1

When creating a pivot table, I select "ID" under the split Rows and Sum for Amount under column values which displays the following result (the sum for Amount shows as blank):
ID Sum
g0001

g0002

g0003

g0004

I would appreciate any comments. Thanks!

Tags (3)
1 Solution
Path Finder

I ran multiple test using Sample data from Buttercup Games under Excel and was able to compare it to Splunk and see what it was doing. I also found that the Amount I was using included \$, so I changed the input data and now it works!

Path Finder

I ran multiple test using Sample data from Buttercup Games under Excel and was able to compare it to Splunk and see what it was doing. I also found that the Amount I was using included \$, so I changed the input data and now it works!

Path Finder

I found that the Amount was including \$, so I changed the format in the Lookup input and recreated the Lookup table.