Dashboards & Visualizations

How to add values of 1st row to 2nd row and so on and show the sum in a different column

arindam_dhar
New Member

I have count of VMs per month and I want to show the count increment in a new column, for ex

_time Monthly count
2014-06 49
2014-07 300
2014-08 5
2014-09 97

I want to show the incremental sum in a new column as this -
_time Monthly count Incremental Sum
2014-06 49 49
2014-07 300 349
2014-08 5 354
2014-09 97 471

Tags (1)
0 Karma

inventsekar
Ultra Champion

please check "accum" command -
For each event where field is a number, the accum command calculates a running total or sum of the numbers. The accumulated sum can be returned to either the same field, or a newfield that you specify.
http://docs.splunk.com/Documentation/Splunk/6.4.2/SearchReference/accum

your search here | accum count as IncrementalSum
0 Karma

somesoni2
SplunkTrust
SplunkTrust

Try this

your current search | eval Commulative_sum='Monthly count' | accum Commulative_sum

OR

your current search | streamstats sum("Monthly count") as "Commulative Sum"
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...