Lognalytics Technology
The addtotals command splunk computes the arithmetic sum of all numeric fields for each search result and those results appear in the Statistics tab.
You can specify the list of fields that you want the sum for, instead of calculating every numeric field and the sum is placed in a new field.
If col=true, the addtotals command computes the column totals, which adds a new field of sum that represents the sum of each field. labelfield, if specified, it creates a new column with the same name as specified in the labelfield.
Syntax for addtotals command splunk:
addtotals [row=<bool>] [col=<bool>] [labelfield=<field>] [label=<string>] [fieldname=<field>] [<field-list>]Query before using addtotals command:
index=*
| stats c by EventType LogName
| fields - c
| accum EventType as New_EventTypeResult before using addtotals command:
Query after using addtotals command:
index=*
| stats c by EventType LogName
| fields - c
| accum EventType as New_EventType
| addtotals row=f col=t labelfield=Column_total label=Total_ResultResult after using addtotals command:
Explanation:
This command is used to get the total of a particular field which is in a tabular format and it is able to show the total of both row as well as column irrespective of the addcoltotals which only displays the total of column.
The function to define this is –
row=true OR row=t ->> to display total of row
col=true OR col=t ->> to display total of column
Results (Not specifying Row):
Results (Specifying Row):
Results (Specifying Column):
Looking for more splunk commands ?
If you are still facing issue regarding this topic Feel free to Ask Doubts in the Comment Box Below and Don’t Forget to Follow us on social platforms, happy Splunking >
.
GIPHY App Key not set. Please check settings