Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

sum multiple fields based on the field only

moayadalghamdi
Path Finder
‎06-20-2021 12:55 AM

Hello Splunkers

 

in my firewall logs, i have three numerical fields, (out_packet, in_packet, bytes)

 

i want to sum these values each field individually but a i want the answer in one record

for example:

index=firewall
| timechart sum (bytes) as bytes , sum (in_packet) as in_packet, sum (out_packet) as out_packet

 

unfortunately it didn't work, please help me with it

 

Thanks ^_^

Labels (4)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-20-2021 01:00 AM 
index=firewall
| stats sum (bytes) as bytes , sum (in_packet) as in_packet, sum (out_packet) as out_packet

View solution in original post

Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-20-2021 01:00 AM 
index=firewall
| stats sum (bytes) as bytes , sum (in_packet) as in_packet, sum (out_packet) as out_packet
Reply
Solved! Jump to solution

moayadalghamdi
Path Finder
‎06-20-2021 01:05 AM

Thanks for the prompt response ^_^

 

but i need it in time chart for visualization, help me with it plz

 

Thanks ^_ ^

 

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-20-2021 01:24 AM

Stats will give you one record as you said. Timechart will give you lots of records (assuming the time span is wide enough). How are the results you originally had not what you wanted?

0 Karma
Reply
Solved! Jump to solution

moayadalghamdi
Path Finder
‎06-20-2021 01:31 AM

Sorry, i just noticed that my post was confusing

what i want is to show the the trends of these three fields in a "line chart" visualization

 

i want the trend by any value of my choosing

for example i want like this, but with multiple fields based on the search

moayadalghamdi_2-1624177893382.png

 

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎06-20-2021 01:53 AM

It is still not clear why timechart is not working for you

0 Karma
Reply
Solved! Jump to solution

moayadalghamdi
Path Finder
‎06-20-2021 01:55 AM

wait, the problem if from my side, my log sources have missing data.

 

sorry for that, BTW you helped my a lot in many posts, thanks whisperer ^_^

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

Splunk Developer Day announcements: AI agents, MCP tools, Forecasting, and Custom ...

Splunk Developer Day was packed with product and platform updates for developers building in the AI ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...