Sum after every 5 rows along with column totals

ashrafsj · ‎02-18-2020

HI All,

I have situation where I need to sum every 5 rows which are for every 10 min data for an hour. so for example I need to sum the rows and columns based on 01/01/2020 00:00:00 to 00:50:00 (6 rows) and i have 5 columns in place. The hourly total should sum all the 6 rows and columns data and should be split after every 6 rows.. as shown in the below example it would be run from 00:00:00 to 23:59:59

_time                  A    B     C D   E   Hourly_Totals
2020-01-01 00:00:00 178 3   0   0   1   
2020-01-01 00:10:00 267 4   0   0   0   
2020-01-01 00:20:00 250 2   0   0   3   
2020-01-01 00:30:00 192 3   0   0   0   
2020-01-01 00:40:00 233 4   0   0   0   
2020-01-01 00:50:00 183 7   0   0   0   1330
------------------------------------------------------------------------------
2020-01-01 01:00:00 160 7   1   0   0   
2020-01-01 01:10:00 142 5   0   0   0   
2020-01-01 01:20:00 209 12  2   0   0   
2020-01-01 01:30:00 399 31  0   0   0   
2020-01-01 01:40:00 355 26  0   0   0   
2020-01-01 01:50:00 661 15  3   0   1   <Total>

manjunathmeti · ‎02-18-2020

Try this:

<your base search> | addtotals fieldname=Column_Totals | eval _time=strptime(_time,"%Y-%m-%d %H") | stats sum(Column_Totals) by _time

Sum after every 5 rows along with column totals

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!