Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- cumulative sum in splunk
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
cumulative sum in splunk
shreeCS
New Member
09-13-2013
02:50 AM
Hi,
I have uploaded csv files for indexing and creating reports.Here is the sample entries:
Date A B
1.08.2013 8 17
2.08.2013 9 15
3.08.2013 11 20
4.08.2013 8 18
and my expected result is
Date A B Difference Cumulative_sum
1.08.2013 8 17 9 9
2.08.2013 9 15 6 15
3.08.2013 11 20 9 24
4.08.2013 8 18 10 34
Here i wanted to calculate cumulative sum and show it on a chart.Does splunk provide any direct function to calculate cumulative sum? How to do this?
Thank you
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jonuwz
Influencer
09-13-2013
05:06 AM
add this :
| streamstats sum(Difference) as Cumulative_sum
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
shreeCS
New Member
09-15-2013
09:42 PM
The query is
"sourcetype="csv-5" | convert mstime(Out_Time_hh_mm) AS outtime | convert mstime(In_Time_hh_mm) AS intime |eval durationHrs=(outtime - intime )/60 | streamstats sum(durationHrs) as cumulativeSum by host | timechart values(cumulativeSum) by host "
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
shreeCS
New Member
09-15-2013
09:42 PM
i come up with some solution query as given below,but here the problem is cumulative sum is in the reverse order i.e., if i take for August month data,for August 1st its 205 as cumulative sum and for August 31st 8 but this should be in a reverse order i.e ,August 1st 8 ,august2 19...august 31st 205 as a sum
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
shreeCS
New Member
09-15-2013
09:19 PM
Here i wanted to show cumulative sum of each host on a chart.How to do that.If i take single host i'm able to do if there are multiple hosts,then how query should be modified?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
shreeCS
New Member
09-15-2013
07:39 AM
yes,the above solution is working fine but if i want to calculate cumulative sum by host ,how to do that?
" |streamstats sum(difference) as cumulative_sum by host" doesn't work here
Get Updates on the Splunk Community!
Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1
Today’s threat landscape is more complex than ever. Security operation centers (SOCs) are overwhelmed with ...
Dashboards: Hiding charts while search is being executed and other uses for tokens
There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...
Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...
This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...
