need to use Group By here in my result

shivareddysompa · ‎06-01-2020

my data Name spent income
A 10 20
B 20 40
C 30 60
A 40 80
B 50 100
Outcome have to come

        Name  spent income
        A   50  100
        B   70  140
        C   30  60

shivareddysompa · ‎06-01-2020

not working

to4kawa · ‎06-03-2020

not working

If you want to solve the problem, you have to talk about the situation or no one will know.

| makeresults 
| eval _raw="Name,spent,income
A,10,20
B,20,40
C,30,60
A,40,80
B,50,100" 
| multikv forceheader=1 
| table Name,spent,income 
| stats sum(spent) as spent sum(income) as income by Name

results

Name    spent   income
A   50  100
B   70  140
C   30  60

493669 · ‎06-01-2020

It is working for me -

|makeresults|eval Name="A", spent="20", income=30
|append[|makeresults|eval Name="B", spent=20, income=40]
|append[|makeresults|eval Name="A", spent=40, income=80]
|stats sum(spent) as spent sum(income) as income by Name

please share your sample code.

isoutamo · ‎06-03-2020

Hi

You can check relevant spl vs sql from here:
https://docs.splunk.com/Documentation/SplunkCloud/8.0.2003/SearchReference/SQLtoSplunk

R. Ismo

493669 · ‎06-01-2020

@shivareddysompalle,
try below-

...|stats sum(spent) as spent sum(income) as income by Name

need to use Group By here in my result

Enterprise Security Content Updates (ESCU) - New Releases

Thought Leaders are Validating Your Hard Work and Training Rigor

.conf23 Registration is Now Open!