Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Sum fields
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sum fields
I would like realize a sum of data like that par exemple :
data = data + val1
But splunk dioesn’t recognize this sum.
Do you know I can do that ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
can you provide entire query in 101010 sample code format?also can you provide some sample input and output you want ??
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @isachristophe,
try to convert string into number by convert command
<base search>| convert num(data) as data |eval data = data + val1
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No it doesn’t work .
Even if you put this instruction :
Convert num (compteur) as compteur | eval compteur = compteur + 1 | table compteur
You have nothing in compteur
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
what value is present in compteur?
and have you tried same code...as I can see space in between num and (.
provide entire query in 101010 sample code format.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I would like to put in compteur the precedent value of the iteration, but it seems impossible
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
provide sample input and output you expect
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
| makeresults | eval data="111222"
| eval val1=666
| convert num(data) | eval data = data + val1
| table data
Its working fine...given result as "111888"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you can try please -
index="<any_index>"
| eval data="111222"
| eval val1=666
| convert num(data) as data
| eval data = data + val1
| table data
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas
What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)
Automating Threat Operations and Threat Hunting with Recorded Future
