Hi,
New to Splunk and still trying to get to grips with it. I am trying to present a single table with the following columns:
- a list of Services
- a count of these services
- add up all the numbers of a specific field (NumberOfCalls) for each of these services
This is the query I am running:
*Base Query*
| stats count by Service NumberOfCalls
This outputs the following, which is counting the NumberOfCalls - not the Service so there are duplicate Services:
Service  NumberOfCalls  count
UAT2     1              2
UAT6     1              5
UAT6     4              2
What it should look like is this (counting the service and adding all the NumberOfCalls per service):
Service  NumberOfCalls  count
UAT2     2              2
UAT6     13             7
I know the search query is very basic but I have tried numerous variations, and all are wrong.
Any suggestions please on how I can get this to work? Hope it all makes sense!
Thanks,
AM
Try *Base Query* | stats count, sum(NumberOfCalls) as NumberOfCalls by Service
Thanks. Such a simple solution, I almost feel silly asking!