The question is the simple case of one set of conditions. My goal is to line graph (4) variations in one chart:
sum field A where field B=TRUE and field C=FALSE as outbound
sum field A where field B=FALSE and field C=TRUE as inbound
sum field A where field B=TRUE and field C=TRUE as internal
sum field A where field B=FALSE and field C=FALSE as passthru
pipe into a timechart by day.
This working Splunk search charts the number of records that satisfies each of the 4 tests, but I can't figure out how to sum the Field A (producer_filename_bytes) of those matching records to line chart the 4 cumulative bytes of each?
index=prd_sterling sourcetype="sfg:fg_activity" state=Routed | timechart per_day(eval(producer_is_internal="TRUE" and consumer_is_internal="FALSE")) AS TotalOutbound,
per_day(eval(producer_is_internal="FALSE" and consumer_is_internal="TRUE")) AS TotalInbound,
per_day(eval(producer_is_internal="TRUE" and consumer_is_internal="TRUE")) AS TotalInternal,
per_day(eval(producer_is_internal="FALSE" and consumer_is_internal="FALSE")) AS TotalPassThru
Thanks very much! -Marc
... View more