Re: chart : Total

LauraBre · ‎06-06-2012

Hello,

I want to create a line chart with the number of D2T, number of T2D,... On the same chart, I want to have a line "TOTAL" which is the sum of D2T,T2D... I tried to add the case Service_Type="D2T" OR Service_Type="T2D" OR Service_Type="EFT", "TOTAL" in "case" but it doesn't work because if we are in one of cases, the others cases don't test.

 tag::source="TokenizerWatchdogSplunk" Service_Type="*"| eval Serie=case(Service_Type="D2T", "TOK",Service_Type="T2D", "DETOK",Service_Type="EFT", "ESTABLISHMENT") | timechart count(Service_Type) as "Number of Services" by Serie

If you know the solution of the problem, thank you by advance for your solution.

emiller42 · ‎06-06-2012

If you pipe your search above to | addtotals it will add a column with a summation of the row. I'm assuming this is what you're looking for?

emiller42 · ‎06-07-2012

Glad I could help! Do you mind accepting the answer so it shows up as such for others searching for this in the future? (Click the checkmark)

LauraBre · ‎06-07-2012

Thx very much. It works very well.

chart : Total

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...