
Usage of Splunk commands: ADDTOTALS

The usage of the Splunk command ADDTOTALS is as follows:

  • The addtotals command computes the arithmetic sum of all numeric fields for each search result.
  • The result appears in the Statistics table.
  • By default, the field that holds the sum is named “Total”.
  • You can specify the fields that you want summed.

 

Below is the skeleton of the “addtotals” command in Splunk:

addtotals [fieldname=<field>] [<field-list>]

 

Example 1:

index=_internal
| table date_hour,date_minute,date_second
| dedup date_hour,date_minute,date_second
| head 5
| addtotals

 

Result:

[Screenshot: addtotals]

Explanation:

In the above query, “date_hour”, “date_minute” and “date_second” are existing field names in the “_internal” index.
The “addtotals” command computes the arithmetic sum of these three numeric fields for each search result and returns it in the “Total” field, because we did not specify any argument with the “addtotals” command.

Ex.: 6 + 40 + 37 = 83 for the first row.

        6 + 40 + 35 = 81 for the second row.

*************************************************************************************

 Example 2:

index=_internal
| table date_hour,date_minute,date_second
| dedup date_hour,date_minute,date_second
| head 5
| addtotals fieldname="GRAND_TOTALS"

Result:

[Screenshot: addtotals2]

Explanation:

In the above query, “date_hour”, “date_minute” and “date_second” are existing field names in the “_internal” index.
The “addtotals” command computes the arithmetic sum of these three numeric fields for each search result and returns it in the “GRAND_TOTALS” field, because we specified the fieldname argument with the “addtotals” command.
The fieldname argument names the field to which the result of the “addtotals” command is assigned.

Ex.: 6 + 47 + 8 = 61 for the first row.

        6 + 47 + 6 = 59 for the second row.

*************************************************************************************

Example 3:

index=_internal
| table date_hour,date_minute,date_second
| dedup date_hour,date_minute,date_second
| head 5
| addtotals date_hour,date_second

Result:

[Screenshot: addtotals3]

Explanation:

In the above query, “date_hour”, “date_minute” and “date_second” are existing field names in the “_internal” index.
The “addtotals” command computes the arithmetic sum of only the specified fields (“date_hour” and “date_second”) and returns the result in the “Total” field.

Ex.: 6 + 27 = 33 for the first row.

        6 + 26 = 32 for the second row.
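
The following search is an added example, not part of the original post. It combines the fieldname argument and a field list on constructed data, so it runs without any index. The host names, the failed_* and successes fields and the threshold of 50 are all assumptions made for illustration. It goes one step beyond the examples above by filtering on the computed total, and it shows that a numeric field left out of the field list (successes) is not summed.

```spl
| makeresults count=4
| streamstats count AS n
| eval host=case(n=1,"web01", n=2,"web02", n=3,"db01", n=4,"vpn01")
| eval failed_ssh=case(n=1,12, n=2,3, n=3,0, n=4,41)
| eval failed_web=case(n=1,7, n=2,0, n=3,2, n=4,5)
| eval failed_vpn=case(n=1,0, n=2,1, n=3,0, n=4,96)
| eval successes=case(n=1,240, n=2,198, n=3,77, n=4,310)
| fields - _time, n
| addtotals fieldname="failed_total" failed_ssh failed_web failed_vpn
| where failed_total > 50
| table host failed_ssh failed_web failed_vpn successes failed_total
```

Only vpn01 remains after the where clause: 41 + 5 + 96 = 142 in “failed_total”. Without the field list, successes would be added in as well, and every host would pass the threshold.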

 

 

Now you can effectively use the “addtotals” command in your daily work to meet your requirements!

Hope you are now comfortable with the usage of the Splunk command ADDTOTALS.

 

HAPPY SPLUNKING !!
