Solved: Re: Sum of duration problem

moinyuso96 · ‎07-18-2021

I created some of the columns using regex. So all of the codes for the regex needs to be included. I would like to find the total duration based on StationName.

StationName Duration

ABC123 100

ABC123 200

ABC456 50

When I pasted this query at the end of my codes, it only shows the StationName but the sum of Duration column is empty. How can I get the sum of duration based on StationName?

| stats sum(Duration) by StationName

bowesmana · ‎07-18-2021

Can you post your regex that creates Duration - it's probably because the Duration contains non numeric data and your Duration field is not a number

Try this before stats - this will make Duration a number if it has leading/trailing spaces.

| eval Duration=tonumber(trim(Duration))

View solution in original post

moinyuso96 · ‎07-18-2021

Hi @bowesmana , thank you for your reply. This method works for me.

bowesmana · ‎07-18-2021

Can you post your regex that creates Duration - it's probably because the Duration contains non numeric data and your Duration field is not a number

Try this before stats - this will make Duration a number if it has leading/trailing spaces.

| eval Duration=tonumber(trim(Duration))

Sum of duration problem

stats

table

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!

Introducing the Splunk Community Dashboard Challenge!