I am using the Splunk JavaScript API to create a dashboard to aggregate data. One of my searches that I want literally just sums up the total of a given field using
search index=[index] source="[path]" | stats sum("Val_in rep_cur") as Total
Even though this gives the correct number on the website, it is in the 'statistics' tab. When I run this same search in the JavaScript API, the results object is just empty. How can I get the sum of a field in the JavaScript API?
EDIT:
So it looks like if I replace stats with eventstats it will add a new field to each event. However, I am still not getting any results in the API.
My new search is
search index=[index] source="[path]" | eventstats sum("Val_in rep_cur") as Total | dedup Total | fields Total
Somehow removing the source ended up fixing the problem. The answer I was looking for was changing stats to eventstats. I only had two backslashes in my search, but because it was in a string in JavaScript it needed 4.
source="G:\\AutoIndex\\spending\\Catalog Report - 8758 Devices.csv"
should've been
source="G:\\\\AutoIndex\\\\spending\\\\Catalog Report - 8758 Devices.csv"
Somehow removing the source ended up fixing the problem. The answer I was looking for was changing stats to eventstats. I only had two backslashes in my search, but because it was in a string in JavaScript it needed 4.
source="G:\\AutoIndex\\spending\\Catalog Report - 8758 Devices.csv"
should've been
source="G:\\\\AutoIndex\\\\spending\\\\Catalog Report - 8758 Devices.csv"