Hello,
I want to create a line chart with the number of D2T, the number of T2D, ... On the same chart, I want to have a line "TOTAL" which is the sum of D2T, T2D, ... I tried to add the case Service_Type="D2T" OR Service_Type="T2D" OR Service_Type="EFT", "TOTAL"
in "case", but it doesn't work because if we are in one of the cases, the other cases are not tested.
tag::source="TokenizerWatchdogSplunk" Service_Type="*" | eval Serie=case(Service_Type="D2T", "TOK", Service_Type="T2D", "DETOK", Service_Type="EFT", "ESTABLISHMENT") | timechart count(Service_Type) as "Number of Services" by Serie
If you know the solution to the problem, thank you in advance for your solution.
If you pipe your search above to | addtotals
it will add a column with a summation of the row. I'm assuming this is what you're looking for?
Glad I could help! Do you mind accepting the answer so it shows up as such for others searching for this in the future? (Click the checkmark)
Thx very much. It works very well.