Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

rename and add 2 count results

Rajaion
Path Finder
‎06-10-2024 06:09 AM

Hello community,

I'm having a problem with a probably stupid addition but I can't find a solution. I make a simple query which returns me an account using a field called "routingKey":

Rajaion_1-1718024203766.png

However, in this example I have duplicate routingKey but with different names (example: routingdynatrace_2 and dynatrace_2 are actually the same source). This is due to a change in the way I collect my data and this has changed the name of the routingKey. The data is however not the same (the data of the routingKey "routingdynatrace_2" is not the same as "dynatrace_2")

My question is: how do I add two RoutingKey after the count to get the overall total? I tried to rename the routingKey upstream but the query does not add them after renaming.

If you have any ideas, I'm interested.

Sincerely,

Rajaion

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-10-2024 07:31 AM 
| eval routingkey=if(routingkey="routingdynatrace_2","dynatrace_2",routingkey)
| stats sum(count) as count by routingkey

View solution in original post

Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-10-2024 07:31 AM 
| eval routingkey=if(routingkey="routingdynatrace_2","dynatrace_2",routingkey)
| stats sum(count) as count by routingkey
Reply
Solved! Jump to solution

Rajaion
Path Finder
‎06-11-2024 02:28 AM

Thanks for your help, it's work

0 Karma
Reply
Get Updates on the Splunk Community!

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...

Explore the Latest Educational Offerings from Splunk [January 2025 Updates]

At Splunk Education, we are committed to providing a robust learning experience for all users, regardless of ...

Developer Spotlight with Paul Stout

Welcome to our very first developer spotlight release series where we'll feature some awesome Splunk ...