Solved: How to calculate sum of two field values?

leujinlove · ‎10-29-2014

I got a search result as below.

ClientType count

SI 130
Competotor1 115
Partner 70
Competotor2 20

However, I like to change the result, as sum of the count values of Competotor1 and Competotor2 is Competotor_total and delete the values of Competotor1 and Competotor2.
The changed result will be

ClientType count

Competotor_Total 135
SI 130
Partner 70

Could anyone help me how to do that?

Best Regards.

vasanthmss · ‎10-29-2014

Try this

| eval new_ClientType =if(ClientType LIKE "%Comp%", "Competotor_Total",ClientType ) | stats sum(count) by new_ClientType

V

View solution in original post

vasanthmss · ‎10-29-2014

Try this

| eval new_ClientType =if(ClientType LIKE "%Comp%", "Competotor_Total",ClientType ) | stats sum(count) by new_ClientType

V

leujinlove · ‎10-30-2014

Thanks to you, I could understand 'eval if' function.
Thanks a lot.

neeldesai1992 · ‎10-11-2017

But how did you add two functions?

How to calculate sum of two field values?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms