Solved: Re: how to sum everyday result

ypfbkg · ‎07-11-2012

this is my search srcipt, it will show everyday use some apps count

sourcetype="acclog" app="molly" OR app="wms" |timechart span="1d" dc(IP) as visitor by app |sort visitor

the result like

_time   Molly   wms

12-7-10 22 265

12-7-11 3 22

how can i sum the total count, like below

app counter

Molly 25

wms 287

Could someone can help me ? Thanks.

kallu · ‎07-12-2012

Ah ... missed your point completely. In that case you can use eval to create a new field with IP and date combined.

... | eval X=IP.date_year.date_month.date_mday | stats dc(X) as visitor by app | ...

kallu · ‎07-12-2012

Ah ... missed your point completely. In that case you can use eval to create a new field with IP and date combined.

... | eval X=IP.date_year.date_month.date_mday | stats dc(X) as visitor by app | ...

ypfbkg · ‎07-12-2012

Kallu, thanks your help.

yes, this is what i want ^___^

kallu · ‎07-11-2012

... | stats dc(IP) as visitor by app | sort visitor

ypfbkg · ‎07-11-2012

i try this , but it didn't count erveyday. if some IP is in
2 day, it's counter will be "1", but i want 2

how to sum everyday result