splunksplunk-query
Splunk : How to sum the values of the fields that are a result of if condition
My Aim :
This below query gives me count of success, failure by b_key. I want to now get the sum of all success and failures as shown in the image below. Also I want to count the number of b_key for which the failure occured. In the example below it will be 2.
Query :
| stats dc(test_events) as events by a_key,b_key
| eval status = if(events=2,"Success","Failure")
| chart count over b_key by status
Solution
Use the addcoltotals command to create the "Sum" field.
| stats dc(test_events) as events by a_key,b_key
| eval status = if(events=2,"Success","Failure")
| chart count over b_key by status
| addcoltotals labelfield=b_key label="Sum"
- Regex Substitue only on a specific group - sedcmd (Splunk)
- Regex to only return matches when followed by a specific word
- embeding conf files into helm chart
- How to create a timechart in splunk for the timestamp and extracted field?
- Match regex named group up until optional word
- How can I access the TraceId generated by splunk-otel-collector within an ASP.NET web application?
- Splunk result in Table format
- Splunk: How to compute the difference of timestamps by id?
- SPLUNK: How can I count events by location with a list of SERVERNAME's?
- How to represent difference between same fields from two different and simultaneous searches in a table format in Splunk?
- Java 11 HttpClient - POST issue
- Flume sink to Splunk?
- Questions related to splunk builtin macros in correlation search
- how to send the local file using splunk forwarder docker image?
- A table of counts of http status by URL
- How do I use a specific date/time in Splunk dashboard with earliest and latest?
- Splunk - Handling a blank token for a dashboard search
- Splunk - Extracting from search results using regex and aggregates
- Splunk - Grouping by distinct field with stats of another field
- Trying to log to Splunk using logback appender
- How can I download infinite results from a Splunk Search to Export the Data
- Regex extraction from Right to Left
- How to use Python via AWS Lambda to send millions (large quantities of data) of events to Splunk
- How to create a timechart with percentages by fields using a Splunk query?
- Splunk: Show all the ids that are present in different events
- How to show nested structures in Splunk table
- Splunk regex filter events only one occurrence of special character
- How to search a given time range for every day in Splunk?
- Splunk Query to list down active users and the knowledge object created by them
- choropleth map does not render in Dashboard Studio but it does in Classic Dashboards