Re: cumulative sum in splunk

shreeCS · ‎09-13-2013

Hi,

I have uploaded csv files for indexing and creating reports.Here is the sample entries:

 Date          A  B  
 1.08.2013     8  17
 2.08.2013     9  15
 3.08.2013     11 20
 4.08.2013     8  18

and my expected result is

 Date          A  B   Difference   Cumulative_sum
 1.08.2013     8  17   9                9
 2.08.2013     9  15   6                15
 3.08.2013     11 20   9                24
 4.08.2013     8  18   10               34

Here i wanted to calculate cumulative sum and show it on a chart.Does splunk provide any direct function to calculate cumulative sum? How to do this?

Thank you

jonuwz · ‎09-13-2013

add this :

| streamstats sum(Difference) as Cumulative_sum

shreeCS · ‎09-15-2013

shreeCS · ‎09-15-2013

i come up with some solution query as given below,but here the problem is cumulative sum is in the reverse order i.e., if i take for August month data,for August 1st its 205 as cumulative sum and for August 31st 8 but this should be in a reverse order i.e ,August 1st 8 ,august2 19...august 31st 205 as a sum

shreeCS · ‎09-15-2013

Here i wanted to show cumulative sum of each host on a chart.How to do that.If i take single host i'm able to do if there are multiple hosts,then how query should be modified?

shreeCS · ‎09-15-2013

yes,the above solution is working fine but if i want to calculate cumulative sum by host ,how to do that?
" |streamstats sum(difference) as cumulative_sum by host" doesn't work here

cumulative sum in splunk

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases