My data looks like this, I've grouped it by a common field. I want to match the date_mday and get the sum of the events for that day.
commonField list(field1) list(date_mday) list(count)
abc f222 efg 20 10
abc f333 ccc 20 20
abc f222 efg 20 30
abc f334 ccc 20 40 -- sum of count for same date_mday - 10 + 20 + 30 + 40 = 100
*abc f114 ddd 19 10
abc f113 ccd 19 9 -*- sum of count for outliers for same date_mday - 10+9 = 19
def f222 efg 22 10
def f333 ccc 22 25 -- sum of count for same date_mday - 10+25+5 = 40
def f111 bbb 22 5
*def f111 bbb 20 15*
There are some outliers(in italic) in the data. Then, I want to get the percentage of the outlier vs the total sum.
I'm using the stats command for grouping the data running over a 30 days range, like this:
search string here | stats list(field1),list(field2),list(date_mday),list(count) by commonField
↧