Solved: Top to a sum by a field

cmerriman · ‎11-04-2013

I am trying to get top 10 channels (chanName) by brand (BRAND) based on the duration (durationPerRoom). I have durationPerRoom sorted descending, and if I could head 10 by brand, that would be great. I have tried to do a top function, but it just counts the channels, or counts the durations, etc. Any ideas?

| stats sum(OF_ROOMS__C) as numberOfRooms,sum(sumDuration) as sumDuration by chanName BRAND|eval durationPerRoom=sumDuration/numberOfRooms| sort by durationPerRoom desc

somesoni2 · ‎11-05-2013

Try adding following to your already existing search

|eval CountF=1|streamstats sum(CountF) as CountF by BRAND | where CountF <11

View solution in original post

somesoni2 · ‎11-05-2013

Try adding following to your already existing search

|eval CountF=1|streamstats sum(CountF) as CountF by BRAND | where CountF <11

somesoni2 · ‎11-05-2013

Added my comment as answer, so that you can close the question.

cmerriman · ‎11-05-2013

That worked PERFECTLY! Thank you!!!

somesoni2 · ‎11-04-2013

Try adding following to your already existing search

|eval CountF=1|streamstats sum(CountF) as CountF by BRAND | | where CountF <11

Top to a sum by a field

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

There's No Place Like Chrome and the Splunk Platform

Customer Experience | Join the Customer Advisory Board!