Solved: Re: problem with addcoltotals

abhayneilam · ‎01-22-2013

Hi,

I have a file like :

XXXX 20
YYYY 40
ZZZZ 60

I am running a query ....|addcoltotals

I am getting :
XXXX 20
YYYY 40
ZZZZ 60
120

but I also want to mention Grand_Total in the first field as I want my output like :

XXXX 20
YYYY 40
ZZZZ 60
Total 120

"Total" String should come...

Please help !!

Thanks in Advance

jonuwz · ‎01-22-2013

An example :

 * | stats count by sourcetype | addcoltotals labelfield=sourcetype label="Total"

labelfield is the column you want the label to appear in

label is the text in the labelfield.

tmnteam · ‎03-27-2014

Hello,

I have a search with a "stats [...] by _time" at the end. (with a bin span=hour)

I have tried with labelfield=_time but it doesn't work (value is 0NaN-NaN-NaN NaN:NaN:NaN)

Is it possible to remap this label?

Thank you in advance.

somesoni2 · ‎03-27-2014

Since _time is in the epoch format (after your query) and with addtotal, you're trying to add a row with _time="Total" (not a valid date format).

jonuwz · ‎01-22-2013

An example :

 * | stats count by sourcetype | addcoltotals labelfield=sourcetype label="Total"

labelfield is the column you want the label to appear in

label is the text in the labelfield.

problem with addcoltotals