splunksplunk-query
Splunk : How to sum the values of the fields that are a result of if condition
My Aim :
This below query gives me count of success, failure by b_key. I want to now get the sum of all success and failures as shown in the image below. Also I want to count the number of b_key for which the failure occured. In the example below it will be 2.
Query :
| stats dc(test_events) as events by a_key,b_key
| eval status = if(events=2,"Success","Failure")
| chart count over b_key by status
Solution
Use the addcoltotals command to create the "Sum" field.
| stats dc(test_events) as events by a_key,b_key
| eval status = if(events=2,"Success","Failure")
| chart count over b_key by status
| addcoltotals labelfield=b_key label="Sum"
- Math.Sin() gives incorrect value
- How to run my python script when the sunOS is start booting
- Express-session: not resetting cookie expiration on each request
- Getting a stack overflow exception when normalizing a vector
- Edit default summary function in R gives error for multiple variables
- What was a For loop? Why isn't it needed in R?
- How to use download button in shiny and save results in various formats (csv, texte, pdf, spss...)?
- Why are there two assignment operators, `<-` and `->` in R?
- lm()$assign: what is it?
- How to get the value of list(...) in R and S functions
- Design matrix for MLM from library(lme4) with fixed and random effects
- how to generate elements not included in my sample
- Create a matrix with gradually changing values without a for loop
- Emacs ESS and S-plus ( S+ ) 8.1 compatability
- How to lag date-index in a time-series in R?
- Nonlinear regression in R / S
- Calling R from S-Plus?