Re: chart : Total

LauraBre · ‎06-06-2012

Hello,

I want to create a line chart with the number of D2T, number of T2D,... On the same chart, I want to have a line "TOTAL" which is the sum of D2T,T2D... I tried to add the case Service_Type="D2T" OR Service_Type="T2D" OR Service_Type="EFT", "TOTAL" in "case" but it doesn't work because if we are in one of cases, the others cases don't test.

 tag::source="TokenizerWatchdogSplunk" Service_Type="*"| eval Serie=case(Service_Type="D2T", "TOK",Service_Type="T2D", "DETOK",Service_Type="EFT", "ESTABLISHMENT") | timechart count(Service_Type) as "Number of Services" by Serie

If you know the solution of the problem, thank you by advance for your solution.

emiller42 · ‎06-06-2012

If you pipe your search above to | addtotals it will add a column with a summation of the row. I'm assuming this is what you're looking for?

emiller42 · ‎06-07-2012

Glad I could help! Do you mind accepting the answer so it shows up as such for others searching for this in the future? (Click the checkmark)

LauraBre · ‎06-07-2012

Thx very much. It works very well.

chart : Total

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Join the Conversation