×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
karthik2146
Engager
Member since: ‎08-05-2016
‎06-05-2020
Community Statistics
Posts 5
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎08-05-2016
Activity Feed
View All

Re: calculate sum of multiple fields in different ...

by in Splunk Search
‎08-08-2016 06:10 AM
‎08-08-2016 06:10 AM
The regex selected only few cars and trucks. I now understood why the regex was not working. Actually my log will be posted once in 15 minutes, each log entry will have multiple lines, like this bmwcar=10 bmwtruck=5 nissantruck=5 renaultcar=4 after 15 minutes bmwcar=5 bmwtruck=4 nissantruck=8 renaultcar=3 like this every 15 minutes, the regex selects only the first car or truck, so it does not give me correct sum. Could you let me know, how the regex can be modified to select all trucks and cars in each log entry? ... View more

Re: calculate sum of multiple fields in different ...

by in Splunk Search
‎08-08-2016 06:10 AM
‎08-08-2016 06:10 AM
It worked but it selected only few cars and trucks. I now understood why the regex was not working. Actually my log will be posted once in 15 minutes, each log entry will have multiple lines, like this bmwcar=10 bmwtruck=5 nissantruck=5 renaultcar=4 after 15 minutes bmwcar=5 bmwtruck=4 nissantruck=8 renaultcar=3 like this every 15 minutes, the regex selects only the first car or truck, so it does not give me correct sum. Could you let me know, how the regex can be modified to select all trucks and cars in each log entry ... View more

Re: calculate sum of multiple fields in different ...

by in Splunk Search
‎08-05-2016 06:31 AM
‎08-05-2016 06:31 AM
Thanks for the answer. but the regex selected only truck of a specifc make. ... View more

Re: calculate sum of multiple fields in different ...

by in Splunk Search
‎08-05-2016 06:29 AM
‎08-05-2016 06:29 AM
Thanks for answer but sad that it did not work. The regex only selects truck that too one brand. When i did index="xxxx" sourcetype="web_stats" *car OR *truck | rex "(?\w+)(?car|truck)=(?\d+)" | table _time, make, type, cnt i get only truck records and make as bmw and their respective count. I dont know the problem, you have any idea? ... View more

calculate sum of multiple fields in different line...

by in Splunk Search
‎08-05-2016 01:11 AM
‎08-05-2016 01:11 AM
I want to calculate sum of multiple fields which occur in different lines in logs I have logs like bmwcar=10 bmwtruck=5 nissantruck=5 renaultcar=4 mercedescar=10 suzukicar=10 tatatruck=5 bmwcar=2 nissantruck=15 i want to have timechart with sum of all cars and sum of all truck, so my output should be car=36, truck=30. i can do it like index="xxxx" sourcetype="web_stats" | timechart span=1d eval (sum(bmwcar)+sum(renaultcar)....etc) but this list is not fixed as a new car can be logged any time in future. so, i am using regex (.*car) and (.*truck) but i am not able to sum up all cars together and trucks together. index="xxxx" sourcetype="web_stats" *car OR *truck | rex "(?<vehicle>(.*car=[\d]+) | (.*truck=[\d]+) )" | table vehicle, _time | mvexpand vehicle | rex field=vehicle ".*=(?<cnt>(\d+))" | search cnt!=0 | timechart span=1d sum(cnt) by the above query, either i can get sum of all cars and trucks together or cars and trucks in a separate chart using separate quereies. but i wanted to have cars and trucks in a same chart in a single query. could you suggest any way to do it? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to
View All