Refine your search:

Calculations on search results

0

I am a complete splunk newbie and I'm trying to find information on how powerful the searches and reports can be. Let's say I have a log of sourcetype transactions (with extracted fields account_number and amount). Can I write a search that calculate the current balance on all accounts by first finding all unique accounts and then adding all associated amounts?

asked 10 Oct '11, 00:06

motzgogh's gravatar image

motzgogh
312
accept rate: 0%

One Answer:
oldestnewestmost voted
1

Yup.

sourcetype=my_transactions account_number=* | stats sum(amount) as amount by account_number
link

answered 10 Oct '11, 02:44

ziegfried's gravatar image

ziegfried ♦
10.3k1618
accept rate: 52%

Post your answer
toggle preview

Follow this question

Log In to enable email subscriptions

RSS:

Answers

Answers + Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "Title")
  • image?![alt text](/path/img.jpg "Title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

learn more about Markdown

Tags:

×1,685
×2

Asked: 10 Oct '11, 00:06

Seen: 1,028 times

Last updated: 10 Oct '11, 02:44

Related questions

Can I filter results based on calculations across records?

Perform calculations on a count of EventTypes

Calculations on Timechart Counts

*Nix App - Network Throughput Calculations

Putting Calculations in .conf Files

search on macro results

Results based on various thresholds

No events display on search results.

Can we have a drill down search running on click on button ??

Copyright © 2005-2012 Splunk Inc. All rights reserved.