Documentation > Splunk > Search Reference > accum

Search Reference

 


Introduction
Search Overview
Search Reference Overview
Search Commands and Functions
Search Command Reference
Custom Search Commands
Internal Search Commands
Search in the CLI

accum

Contents

accum

Synopsis

Keeps a running total of a specified numeric field.

Syntax

accum <field> [AS <newfield>]

Required arguments

field
Syntax: <string>
Description: The name of a field with numeric values.

Optional arguments

newfield
Syntax: <string>
Description: The name of a field to write the results to.

Description

For each event where field is a number, keep a running total of the sum of this number and write it out to either the same field, or a newfield if specified.

Examples

Example 1: Save the running total of "count" in a field called "total_count".

... | accum count AS total_count

See also

autoregress, delta, streamstats, trendline

Answers

Have questions? Visit Splunk Answers and see what questions and answers the Splunk community has using the accum command.

Retrieved from "http://docs.splunk.com/Documentation/Splunk/4.3/SearchReference/Accum"

This documentation applies to the following versions of Splunk: 4.1 , 4.1.1 , 4.1.2 , 4.1.3 , 4.1.4 , 4.1.5 , 4.1.6 , 4.1.7 , 4.1.8 , 4.2 , 4.2.1 , 4.2.2 , 4.2.3 , 4.2.4 , 4.2.5 , 4.3 , 4.3.1 , 4.3.2 , 4.3.3 , 4.3.4 , 4.3.5 , 4.3.6 , 5.0 , 5.0.1 , 5.0.2 View the Article History for its revisions.


You must be logged into splunk.com in order to post comments. Log in now.

Was this documentation topic helpful?

If you'd like to hear back from us, please provide your email address:

We'd love to hear what you think about this topic or the documentation as a whole. Feedback you enter here will be delivered to the documentation team.

Feedback submitted, thanks!