Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Search
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How do you get the sum of columns by system?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
UMDTERPS
Communicator
02-11-2019
07:11 AM
I am trying to figure out how to get the sum of systems_score column by systems. The data model is below:
systems systems_score
System A 20
System A 10
System A 0
System B 20
System B 20
System B 20
System C 10
System C 15
System C 0
How do I return the sum for each Systems - like below?
systems systems_score_total
System A 30
System B 60
System C 25
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vnravikumar
Champion
02-11-2019
07:28 AM
Hi @UMDTERPS
Try
|stats sum(systems_score) as systems_score_total by systems
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vnravikumar
Champion
02-11-2019
07:28 AM
Hi @UMDTERPS
Try
|stats sum(systems_score) as systems_score_total by systems
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
UMDTERPS
Communicator
02-11-2019
07:32 AM
Hey vnravikumar!
I tried your SPL and I got the following:
systems systems_score_total
System A
System B
System C
The systems_score total shows up blank. =(
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
UMDTERPS
Communicator
02-11-2019
08:54 AM
Hi Vnravikumar,
I had a mistype in the search bar, your solution works.
Thank you!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
vnravikumar
Champion
02-11-2019
08:56 AM
Welcome 🙂
Get Updates on the Splunk Community!
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
Tuesday, May 14, 2024 | 11AM PT / 2PM ET
Register to Attend
Join us for this Tech Talk and learn how to ...
.conf24 | Personalize your .conf experience with Learning Paths!
Personalize your .conf24 Experience
Learning paths allow you to level up your skill sets and dive deeper ...
Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...
WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...
