Solved: Re: How to sum 2 rows in a table?

niddhi · ‎09-17-2019

Hi,

In the logs i am analyzing, one of the field's value has changed (change is from '-' to '_'). For example if it was A-1 before, now its A_1. The rest of the entries are as is. So my table looks something like this:

category            error         exception
    A-1                5              0
    A_1                2              1
    B-1                3              0

I want to combine A-1 and A_1 as single row and the output should be something like:

category      error    exception
    A-1         7            1
    B-1         3            0

Any pointers are appreciated.

Thanks!

richgalloway · ‎09-17-2019

Try adding | replace "_" with "-" in category before your stats command.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎09-17-2019

Try adding | replace "_" with "-" in category before your stats command.

---
If this reply helps you, Karma would be appreciated.

niddhi · ‎09-17-2019

Thanks, replace worked. The mentioned syntax didn't work exactly, but it worked in this format:
eval category = replace(category, "A_1", "A-1").Thanks so much, you saved the day!!

How to sum 2 rows in a table?

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...