need to use Group By here in my result

shivareddysompa · ‎06-01-2020

my data Name spent income
A 10 20
B 20 40
C 30 60
A 40 80
B 50 100
Outcome have to come

        Name  spent income
        A   50  100
        B   70  140
        C   30  60

shivareddysompa · ‎06-01-2020

not working

to4kawa · ‎06-03-2020

not working

If you want to solve the problem, you have to talk about the situation or no one will know.

| makeresults 
| eval _raw="Name,spent,income
A,10,20
B,20,40
C,30,60
A,40,80
B,50,100" 
| multikv forceheader=1 
| table Name,spent,income 
| stats sum(spent) as spent sum(income) as income by Name

results

Name    spent   income
A   50  100
B   70  140
C   30  60

493669 · ‎06-01-2020

It is working for me -

|makeresults|eval Name="A", spent="20", income=30
|append[|makeresults|eval Name="B", spent=20, income=40]
|append[|makeresults|eval Name="A", spent=40, income=80]
|stats sum(spent) as spent sum(income) as income by Name

please share your sample code.

isoutamo · ‎06-03-2020

Hi

You can check relevant spl vs sql from here:
https://docs.splunk.com/Documentation/SplunkCloud/8.0.2003/SearchReference/SQLtoSplunk

R. Ismo

493669 · ‎06-01-2020

@shivareddysompalle,
try below-

...|stats sum(spent) as spent sum(income) as income by Name

need to use Group By here in my result

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life