![]() Sourcetype=”mint:network” statusCode=*| stats count(eval(match(failed,”False”))) AS Successes, count(eval(match(failed,”True”))) AS Failures BY carrier| addcoltotals labelfield=”Total Failures” Adding the qualifier “labelfield=” will accomplish this: These search results total the Successful and Failures of sales transactions per carrier. There is also an option to create a label for the totals. ![]() Sourcetype=”mint:network” statusCode=*| stats count(eval(match(failed,”False”))) AS Successes, count(eval(match(failed,”True”))) AS Failures BY carrier| addcoltotals With searches with more than one numerical column, addcoltotals will add both. In this search: Now someone who uses this report will recognize the total number of failures that customers are experiencing over all cellular carriers. Sourcetype=”mint:network” statusCode>200 failed=true | stats count AS Failures BY carrier | addcoltotals You can see that there are values associated with the report. By adding | addcoltotals at the end of the command, the total number of failures is easily recognized. Sourcetype=”mint:network” statusCode>200 failed=true | stats count AS Failures BY carrier How to Use the Splunk addcoltotals CommandĪs previously mentioned, this command organizes numeric data and is simplistic in its use.Ĭonsider the following search that will track transaction failures by cellular carrier: Customizable: By default, the label for the totals row will be “Total,” but the command allows users to choose the columns they want to add totals for, as well as customize the label for the summation.Save time and effort: The command saves time and effort by automatically adding total of a selected column, eliminating the need to manually calculate.This can be used for a single or multi-value numerical result, and it is as easy as adding “| addcoltotals” to the end of a command. In this article, we’ll investigate the use of the addcoltotals command and provide some examples of its use.Īs the name of the command implies, this command simply adds up the numerical value total of a selected column. The Splunk “addcoltotals” command provides the ability to easily include this summation in search results. There are times when a report is more valuable and comprehensive when columns of numeric data include a “total” entry, such as you might find in a spreadsheet, report, or invoice.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |