Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to calculate sum of two field values?

leujinlove
Explorer
‎10-29-2014 10:34 PM

I got a search result as below.

ClientType count

SI 130
Competotor1 115
Partner 70
Competotor2 20

However, I like to change the result, as sum of the count values of Competotor1 and Competotor2 is Competotor_total and delete the values of Competotor1 and Competotor2.
The changed result will be

ClientType count

Competotor_Total 135
SI 130
Partner 70

Could anyone help me how to do that?

Best Regards.

Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

vasanthmss
Motivator
‎10-29-2014 11:43 PM

Try this

| eval new_ClientType =if(ClientType LIKE "%Comp%", "Competotor_Total",ClientType ) | stats sum(count) by new_ClientType

V

View solution in original post

Reply
Solved! Jump to solution
Solution

vasanthmss
Motivator
‎10-29-2014 11:43 PM

Try this

| eval new_ClientType =if(ClientType LIKE "%Comp%", "Competotor_Total",ClientType ) | stats sum(count) by new_ClientType

V
Reply
Solved! Jump to solution

leujinlove
Explorer
‎10-30-2014 12:32 AM

Thanks to you, I could understand 'eval if' function.
Thanks a lot.

0 Karma
Reply
Solved! Jump to solution

neeldesai1992
Path Finder
‎10-11-2017 02:36 PM

But how did you add two functions?

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...