Hello there, I would like some help with my query. I want to summarize 2 fields into 2 new columns
One field is unique, but the other is not The field fhost is not unique.
I want the sum of field "cores" by unique combination of the columns "clname" and "fhost" I am struggle how to do this properly and how i can use the sum unique for column "fhost"
| makeresults | eval clname="clusterx", fhost="f-hosta", vhost="v-hosta",cores=2,cpu=1 | append [| makeresults | eval clname="clusterx", fhost="f-hosta", vhost="v-hostb" ,cores=2,cpu=1 ] | append [| makeresults | eval clname="clusterx", fhost="f-hostb", vhost="v-hostc" ,cores=4,cpu=1 ] | append [| makeresults | eval clname="clusterx", fhost="f-hostc", vhost="v-hostd" ,cores=6,cpu=1 ] | eventstats sum(cpu) as total_vhost_cpus by clname ``` This is not working ``` | eventstats sum(cores) as total_fhost_cores by clname fhost `` The output should be in table format ```
| table clname cores cpu fhost vhost total_vhost_cpus total_fhost_cores Thank you in advance. Harry
... View more