Solved: Adding Field Values Generated by a |stats latest(f...

jason_hotchkiss · ‎11-02-2020

Hello -

I have the following search:

<base search>
| fields host registrations
| stats latest(registrations) by host

This produces the following table:

host latest(registrations)
Pc1 51

Pc2 29

Pc3 18

How would I add the values of latest(registrations) to provide a single value for all 3 hosts? For example, I would like only the sum of the latest registrations (98) to display in a single value panel.

Thank you!

ITWhisperer · ‎11-02-2020

<base search>
| fields host registrations
| stats latest(registrations) as latest_reg by host
| stats sum(latest_reg) as total_latest_reg

View solution in original post

ITWhisperer · ‎11-02-2020

<base search>
| fields host registrations
| stats latest(registrations) as latest_reg by host
| stats sum(latest_reg) as total_latest_reg

jason_hotchkiss · ‎11-02-2020

Thank you!! This worked for me.

Adding Field Values Generated by a |stats latest(fieldvalue) command

eval

fields

table

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Join the Conversation