Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Search
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How to create a new column in my table showing...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
akawacz
Path Finder
09-15-2015
05:29 AM
HI
My data
Quarter Type Amount
2014q1 a 100
2014q1 b 200
2015q2 a 100
2015q2 b 100
I would like to create an additional column with sum for the same quarter.
Expected result
Quarter Type Amount New_column
2014q1 a 100 300
2014q1 b 200 300
2015q2 a 100 200
2015q2 b 100 200
My current search:
index=test |stats(amount) as amount by quarter type
I do not want to use join and append.
Could you help me?
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
09-15-2015
08:23 AM
Try this
your current search | eventstats sum(amount) as New_column by quarter
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
09-15-2015
08:23 AM
Try this
your current search | eventstats sum(amount) as New_column by quarter
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
akawacz
Path Finder
09-15-2015
09:39 AM
That works!! thank you
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ppablo
Retired
09-15-2015
12:09 PM
Hi @akawacz,
Glad @somesoni2 helped you find your answer 🙂 Please be sure to accept his answer by clicking "Accept" directly below the answer, otherwise this post will show as unresolved. Thanks!
Patrick
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
09-15-2015
08:20 AM
This is not your search; you are missing a function between stats and (amount).
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
akawacz
Path Finder
09-15-2015
08:23 AM
Yes, good point. Just forgot to put it. i was recreating version of my bigger search that would be better/easier to explain.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
woodcock
Esteemed Legend
09-15-2015
08:31 AM
OK, so what is it supposed to be?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
akawacz
Path Finder
09-15-2015
09:36 AM
should be sum
Get Updates on the Splunk Community!
More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk
Tuesday, May 14, 2024 | 11AM PT / 2PM ET
Register to Attend
Join us for this Tech Talk and learn how to ...
.conf24 | Personalize your .conf experience with Learning Paths!
Personalize your .conf24 Experience
Learning paths allow you to level up your skill sets and dive deeper ...
Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...
WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...
