Documentation > Splunk > Search Reference > accum

Search Reference

 


Welcome
Search Overview
Search Commands
Custom Search Commands

accum

This documentation does not apply to the most recent version of Splunk. Click here for the latest version.

Contents

accum

Synopsis

Keeps a running total of a specified numeric field.

Syntax

accum <field> [AS <newfield>]

Arguments

field
Syntax: <string>
Description: The name of a field with numeric values.
newfield
Syntax: <string>
Description: The name of a field to write the results to.


Description

For each event where field is a number, keep a running total of the sum of this number and write it out to either the same field, or a newfield if specified.

Examples

Example 1: Save the running total of "count" in a field called "total_count".

... | accum count AS total_count


See also

autoregress delta streamstats trendline

Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.0.4/SearchReference/Accum"

This documentation applies to the following versions of Splunk: 4.0 , 4.0.1 , 4.0.2 , 4.0.3 , 4.0.4 , 4.0.5 , 4.0.6 , 4.0.7 , 4.0.8 , 4.0.9 , 4.0.10 , 4.0.11 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!