Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Sum by Name Regex

splunk219783
Path Finder
‎10-18-2019 08:43 AM

I've spent awhile messing around with this and can't get anything working. I need to sum a list like this by Storage1 and Storage2 to get a total of each Storage*. This is a much larger list in reality with a dozen or so different Storage#s, and Multiple locations.

I'd imagine i need some type of regex where i can sum by then sum by

Location1-Storage1-1, 500GB
Location1-Storage1-2, 250GB
Location1-Storage1-3, 200GB
Location2-Storage2-1, 100GB
Location2-Storage2-2, 150GB
Location2-Storage2-3, 150GB

Desired Output:

Storage1: 950GB
Storage2: 400GB
Location1: 950GB
Location 2: 400GB

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎10-18-2019 09:03 AM

Try this query.

index=foo | rex "(?<location>[^\-]+?)-(?<storage>[^\-]+)-\d+, (?<size>\d+)" | stats sum(size) as TotalSize by location,storage
---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎10-18-2019 09:03 AM

Try this query.

index=foo | rex "(?<location>[^\-]+?)-(?<storage>[^\-]+)-\d+, (?<size>\d+)" | stats sum(size) as TotalSize by location,storage
---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

splunk219783
Path Finder
‎10-18-2019 12:18 PM

Thank you! This definitely got me on my way, i've got it working now.

0 Karma
Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

&#x1f5e3; You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...