Stats - a number of different stats but only one b...

timmoammo · ‎07-25-2013

Hello,

I'm trying to report a number of different stats however only one of the stats needs to be by month. All of the other stats are sum/avg/max for the whole period. If I add "by date_month" to the end of the search it appears to complete each of the stats by month.

Is there any way to separate the one stats component from the rest?

stats sum(UAFG_Adjusted_Energy___GJ) as Consumption_Adjusted_for_UAFG 
sum(Energy___GJ) as Consumption_Without_UAFG
avg(gsa_energy_charge) as Commodity_Average_Rate
sum(Commodity) as Commodity_Total
avg(vic_mkt_energy_safe_vic_charge) as ESV_Average_Rate
max(Energy_Safe_VIC) as ESV_max
max(cud_mthly_metering) by date_month

Many thanks

HiroshiSatoh · ‎07-25-2013

Do not be resolved by "appendcols"?

search *|stats sum(a)･･････|appendcols [search *|stats sum(x) by month]

HiroshiSatoh · ‎07-26-2013

I am glad if there is no problem as the answer, and enjoy it by clicking the check to the left of the answer.

timmoammo · ‎07-26-2013

Thanks for your answer. I can see how this would work however I've found a different solution by adjusting the search upstream of the stats. Thanks

Stats - a number of different stats but only one by date_month

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases