I'm trying to do a summation of different fields doing a CURL call using the Splunk REST API.
Here's what I have:
curl -sS -u username:password -d "output_mode=csv" -o sample2.csv -k https://"server name":8089/services/search/jobs/export -d search="search index=* earliest=-1s | eval num0=100 | eval total = case(1=1, num0) | stats avg(total) as avgTot | table avgTot"
This returns, as expected:
avgTot
"100.000000"
However, I cannot find a way to add more values to num0. For example, when I change eval num0=100 to eval num0=100+100, it outputs no response. I'm assuming it believes it is a string and cannot add values properly. I've tried tonumber() and num() within the case() statement, and evaluating it as an integer outside of the case statement, with no luck.
Please advise. Thanks in advance!
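An added example, not part of the original post, showing offline what happens to the "+" in the request body: curl -d sends the data as typed, and in application/x-www-form-urlencoded data a literal "+" decodes to a space. It assumes the server applies standard form decoding to the search parameter; the helper names form_decode and urlencode are hypothetical, and the fragment is constructed from the search in the post.

```shell
#!/bin/sh
# Added example (not from the original post). Helper names are hypothetical.

# Decode one application/x-www-form-urlencoded value the way a form-parsing
# server does: "+" becomes a space first, then each %XX becomes that byte.
form_decode() {
  printf '%s' "$1" | LC_ALL=C awk '
    BEGIN { hex = "0123456789abcdef" }
    {
      gsub(/\+/, " ")
      out = ""
      while ((i = index($0, "%")) > 0) {
        hi = index(hex, tolower(substr($0, i + 1, 1))) - 1
        lo = index(hex, tolower(substr($0, i + 2, 1))) - 1
        if (length($0) < i + 2 || hi < 0 || lo < 0) {
          out = out substr($0, 1, i)        # malformed escape: keep "%" as-is
          $0 = substr($0, i + 1)
          continue
        }
        out = out substr($0, 1, i - 1) sprintf("%c", hi * 16 + lo)
        $0 = substr($0, i + 3)
      }
      printf "%s", out $0
    }'
}

# Percent-encode every byte except the RFC 3986 unreserved set, so "+" is
# sent as %2B and survives decoding.
urlencode() {
  printf '%s' "$1" | LC_ALL=C awk '
    BEGIN { for (n = 1; n < 256; n++) ord[sprintf("%c", n)] = n }
    {
      out = ""
      for (i = 1; i <= length($0); i++) {
        c = substr($0, i, 1)
        out = out (c ~ /^[A-Za-z0-9._~-]$/ ? c : sprintf("%%%02X", ord[c]))
      }
      printf "%s", out
    }'
}

fragment='eval num0=100+100'          # constructed from the search in the post
echo "sent with -d:       $fragment"
echo "server decodes to:  $(form_decode "$fragment")"
echo "urlencoded body:    $(urlencode "$fragment")"
echo "server decodes to:  $(form_decode "$(urlencode "$fragment")")"
# With curl itself, the same encoding is applied by:
#   curl ... --data-urlencode search="search ... | eval num0=100+100 | ..."
```

The first decode shows the eval expression arriving as "100 100", which is not a valid sum; the percent-encoded form round-trips with the "+" intact.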