Hey everyone, are you stuck on how to get the column totals in Splunk, and you don't want to make it confusing by using the eval command? No need to search further: this can be achieved using the addcoltotals command. Let's dive into the topic.
The addcoltotals command appends a new result to the end of the search result set. The result contains the sum of each numeric field or you can specify which fields to summarize.
Results are displayed on the Statistics tab. If the labelfield argument is specified, a column is added to the statistical results table with the name specified.
Syntax for the addcoltotals command:
addcoltotals [labelfield=<field>] [label=<string>] [<fieldlist>]
Query before using the addcoltotals command:
index=*
| stats c by EventType LogName
| fields - c
| accum EventType as New_EventType
Result before using the addcoltotals command:
Query after using the addcoltotals command:
index=*
| stats c by EventType LogName
| fields - c
| accum EventType as New_EventType
| addcoltotals labelfield=Total_Count label=Total_Result
Result after using the addcoltotals command:
Explanation:
In the image above there are two numeric fields, EventType and New_EventType. After applying the addcoltotals command with labelfield=Total_Count, the command adds a new Total_Count column and appends a row that contains the sum of each column, i.e.
EventType >> 0+0+2+2+3+4+4 = 15
New_EventType >> 0+0+2+4+7+11+15 = 39
This command is used to get the total of a field in a tabular result, and it only calculates column totals. If no column is specified, it calculates the total of every numeric column present in the table.
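The field-list form mentioned above, as an added example that is not part of the original post: the search builds seven constructed rows with makeresults (same EventType values as the sums above, made-up LogName values) so it runs without indexed data, and then totals only New_EventType.

```spl
| makeresults count=7
| streamstats count AS row
| eval EventType=case(row<=2, 0, row<=4, 2, row=5, 3, true(), 4)
| eval LogName="constructed_log_".row
| fields - _time row
| accum EventType AS New_EventType
| addcoltotals labelfield=Total_Count label=Total_Result New_EventType
```

In the appended row, New_EventType shows 39 and Total_Count shows Total_Result, while EventType stays empty because it is not in the field list.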
Also look for Accum Command in Splunk
If you are still facing issues with the addcoltotals command in Splunk, feel free to ask in the comment box below, and don't forget to follow us on social platforms. Happy Splunking!