Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

rename and add 2 count results

Rajaion
Path Finder
‎06-10-2024 06:09 AM

Hello community,

I'm having a problem with a probably stupid addition but I can't find a solution. I make a simple query which returns me an account using a field called "routingKey":

Rajaion_1-1718024203766.png

However, in this example I have duplicate routingKey but with different names (example: routingdynatrace_2 and dynatrace_2 are actually the same source). This is due to a change in the way I collect my data and this has changed the name of the routingKey. The data is however not the same (the data of the routingKey "routingdynatrace_2" is not the same as "dynatrace_2")

My question is: how do I add two RoutingKey after the count to get the overall total? I tried to rename the routingKey upstream but the query does not add them after renaming.

If you have any ideas, I'm interested.

Sincerely,

Rajaion

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-10-2024 07:31 AM 
| eval routingkey=if(routingkey="routingdynatrace_2","dynatrace_2",routingkey)
| stats sum(count) as count by routingkey

View solution in original post

Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-10-2024 07:31 AM 
| eval routingkey=if(routingkey="routingdynatrace_2","dynatrace_2",routingkey)
| stats sum(count) as count by routingkey
Reply
Solved! Jump to solution

Rajaion
Path Finder
‎06-11-2024 02:28 AM

Thanks for your help, it's work

0 Karma
Reply
Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...
Top