Arushi gupta
Reputation: 179
Splunk : How to sum the values of the fields that are a result of if condition
My Aim :
This below query gives me count of success, failure by b_key. I want to now get the sum of all success and failures as shown in the image below. Also I want to count the number of b_key for which the failure occured. In the example below it will be 2.
Query :
| stats dc(test_events) as events by a_key,b_key
| eval status = if(events=2,"Success","Failure")
| chart count over b_key by status
Upvotes: 0
Views: 3636
Answers (1)
RichG
Reputation: 9936
Use the addcoltotals command to create the "Sum" field.
| stats dc(test_events) as events by a_key,b_key
| eval status = if(events=2,"Success","Failure")
| chart count over b_key by status
| addcoltotals labelfield=b_key label="Sum"
Upvotes: 3
Related Questions
- Insert from multiple tables
- MySql insert data in multiple table at a time
- Inserting multiple tables with transaction in mysql
- SQL insert into multiples tables
- MySQL multiple statement order commit
- insert to two diffetent table in mysql database with transaction
- MySQL: Insert into multiple tables in same query with BEGIN&COMMIT
- Multiple insertion in mysql tables
- How to insert into multiple tables in a single statement in MySQL?
- Inserting data into two or more tables: