Current view: XPLG V7 (Latest). Available: XPLG V6 and XPLG V5

Skip to end of metadata
Go to start of metadata


Displays the sum of the values in a specified column in the search query results based on a query to be executed on the record.


sumif [column_name] “[search_query]”

Required Arguments


Syntax: <character string>

Description: The name of a column header that has numeric values


Syntax: <character string>

Description: The search query to be executed on the record

Optional Arguments



For each event in the search query results that has the specified column_name with a numeric value, adds the value to the cumulative sum, and when it reaches the last event, displays the sum.


Example 1:  

* in log.access | sumif Bytes Sent "status=200"

Returns the sum of the values in column Bytes Sent in the events from access log only if the value of column status is 200.

Example 2:  

* in log.iis log| sumif time-taken "cs-host contains http" | group by c-ip 

From the events from log.iss log that have the text http in their cs-host column, calculates the sum of the values in the time-taken column per each c-ip column value. 

  • No labels