addcoltotals
addcoltotals
Synopsis
Computes a new event with fields that represent the sum of all numeric fields in previous events.
Syntax
addcoltotals [labelfield=<field>] [label=<string>]
Optional arguments
- label
- Syntax: label=<string>
- Description: If
labelfieldis specified, it will be added to this summary event with the value set by the 'label' option.
- labelfield
- Syntax: labelfield=<field>
- Description: Specify a name for the summary event.
Description
The addcoltotals command adds a new result at the end that represents the sum of each field. labelfield, if specified, is a field that will be added to this summary event with the value set by the label option.
Examples
Example 1: Compute the sums of all the fields, and put the sums in a summary event called "change_name".
... | addcoltotals labelfield=change_name label=ALLSee also
Answers
Have questions? Visit Splunk Answers and see what questions and answers the Splunk community has using the addcoltotals command.
This documentation applies to the following versions of Splunk: 4.1 , 4.1.1 , 4.1.2 , 4.1.3 , 4.1.4 , 4.1.5 , 4.1.6 , 4.1.7 , 4.1.8 , 4.2 , 4.2.1 , 4.2.2 , 4.2.3 , 4.2.4 , 4.2.5 , 4.3 , 4.3.1 , 4.3.2 , 4.3.3 , 4.3.4 , 4.3.5 , 4.3.6 , 5.0 , 5.0.1 , 5.0.2 View the Article History for its revisions.
During the interactive aggregation phase of charting, the presumed left-hand label column may float rightward in the table (presumably due to the fact that a simple alphanumeric string sort puts other columnt headints before the label column). On completion of the search the label column snaps back to its correct position.