Sum fields

isachristophe · ‎01-20-2018

I would like realize a sum of data like that par exemple :

data = data + val1

But splunk dioesn’t recognize this sum.

Do you know I can do that ?

mayurr98 · ‎01-20-2018

can you provide entire query in 101010 sample code format?also can you provide some sample input and output you want ??

493669 · ‎01-20-2018

Hi @isachristophe,
try to convert string into number by convert command

<base search>| convert num(data) as data |eval data = data + val1

isachristophe · ‎01-21-2018

No it doesn’t work .
Even if you put this instruction :
Convert num (compteur) as compteur | eval compteur = compteur + 1 | table compteur

You have nothing in compteur

493669 · ‎01-21-2018

what value is present in compteur?
and have you tried same code...as I can see space in between num and (.
provide entire query in 101010 sample code format.

isachristophe · ‎01-21-2018

I would like to put in compteur the precedent value of the iteration, but it seems impossible

493669 · ‎01-21-2018

provide sample input and output you expect

493669 · ‎01-21-2018

| makeresults |   eval data="111222" 
 | eval val1=666 
 | convert num(data)     | eval data = data + val1
 | table data

Its working fine...given result as "111888"

ddrillic · ‎01-21-2018

If you can try please -

index="<any_index>" 
| eval data="111222" 
| eval val1=666 
| convert num(data) as data 
| eval data = data + val1
| table data

Sum fields

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Are you a member of the Splunk Community?

Sum fields

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025