Solved: How do I generate a search that shows me the total...

makhombi · ‎12-04-2018

Hi Guys,

I'm a new Splunk user: I have a dataset with fields Date, ACC_NBR, Count, REVENUE. Date (Date when number was billed), Field ACC_NBR(Cellphone Number), Count(counts the number of times the number was billed)REVENUE(The amount deducted). I want to generate a search which shows me the total REVENUE generated per by week.

Date, ACC_NBR, Count, REVENUE
01/08/2017,72100979,1,5
01/08/2017,72101041,1,0.7
02/08/2017,75331219,1,0.7
02/08/2017,75331419,1,5
02/08/2017,75332059,1,0.7

dkeck · ‎12-04-2018

HI,

try index=<your_index> earliest=@w0| stats sum(REVENUE) by ACC_NBR

earliest=@w0 = beginning of the week

or use earliest=-7d@d for 7 days, depending on what "a week" is for you

View solution in original post

martin_mueller · ‎12-04-2018

Assuming you have timestamp extraction done right, use timechart span=w sum(REVENUE).

dkeck · ‎12-04-2018

HI,

try index=<your_index> earliest=@w0| stats sum(REVENUE) by ACC_NBR

earliest=@w0 = beginning of the week

or use earliest=-7d@d for 7 days, depending on what "a week" is for you

makhombi · ‎12-06-2018

This is a follow-up question to my first. The following query worked for me. I managed to get the total revenue generated per ACC_NBR.

The 2nd part of the question: How to show the total revenue generated per week.

| stats sum(REVENUE) by ACC_NBR

How do I generate a search that shows me the total REVENUE generated per by week?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life