This message originated from Cribl Community Slack.
Is there a way to do a cumulative sum on log events in Search? Or even with metrics? I'm not seeing anything mentioning cumulative in the stats functions in the docs. I would like to graph at what time a service reached 1,000 total requests, or when a service first had 100 unique client IPs. I currently only have the events with this data, but if I need to convert these to metrics in Stream and send them over to Search as well, I can; I'm just not sure Search supports cumulative queries.
Solved
Graph at What Time a Service Reached 1,000 Total Requests, or When a Service
Best answer by David Cavuto
<@U09Q6L9G69Y> here's an example:
```
dataset="cribl_search_sample" dataSource=access*
| limit 100
| sort by _time asc // important to sort before you use the prev() function
| project _time, bytes
| extend cumulativeSum=prev(cumulativeSum,1,0)+bytes // adds the previous 1 value of cumulativeSum to the current value, initializing to 0
| extend threshold=iff(cumulativeSum>100000,true,false) // add whatever logic you want here
```
