Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Adding column total in new row

dutabhis07
Explorer
‎03-03-2014 01:36 PM

Hi,
I have a data set like

Col A Col B
Time 5
Time 5
.
.

I want a new row with the total of Column B, something like

Col A Col B
Time 5
Time 5
Total 10

i know we can use addcoltotals but that adds a new column label.
Some input appreciated.
Thanks

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

reed_kelly
Contributor
‎03-03-2014 01:51 PM

Take a look at the following. I am filling in the word Total in the endhuman column at the end.

|gentimes start=-2 |fillnull value="blank" endhuman|addcoltotals|fillnull value="Total" endhuman|table endhuman,starttime,endtime,starthuman

View solution in original post

Reply
Solved! Jump to solution

ViniciusANT
Explorer
‎09-25-2014 12:44 PM

Try | addcolTotals

Reply
Solved! Jump to solution

yannK
Splunk Employee
Splunk Employee
‎03-03-2014 02:26 PM

Another way to get a column total, but it will be for each lines.

<mysearch> | table colA colB | eventstats sum(colB) AS total

Reply
Solved! Jump to solution
Solution

reed_kelly
Contributor
‎03-03-2014 01:51 PM

Take a look at the following. I am filling in the word Total in the endhuman column at the end.

|gentimes start=-2 |fillnull value="blank" endhuman|addcoltotals|fillnull value="Total" endhuman|table endhuman,starttime,endtime,starthuman

Reply
Solved! Jump to solution

dutabhis07
Explorer
‎03-03-2014 01:58 PM

Thanks Reed ... That worked ... 🙂

0 Karma
Reply
Solved! Jump to solution

dutabhis07
Explorer
‎03-03-2014 01:45 PM

yeah .. tried that as well .. but that too gives output something like

Col A Col B
Time 5
Time 5
10

I need to show the Total Alias in the last row

0 Karma
Reply
Get Updates on the Splunk Community!

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies Olga Malita The ...