Function: Insert Running Total Field

Overview

Calculates a running total of a field, and sets it in a new field.

Description

This function adds a new field to each event. The new field contains the sum of a specific field across the current event and all previous events, so its value is different in each event. Use it when you need to know the accumulated total of a field at each stage of event processing.
In the function parameters, you specify the name of the new field in which the result will be saved and the name of the field whose total will be calculated.

Function Schema

Examples

Let's say we want to know the total amount of incoming traffic at the time each event is received. Each event contains a 'traffic' field holding the number of megabytes, and a timestamp. Set Field Name = 'traffic' and New Field Name = 'total' in the function parameters.
When the first event is received, a 'total' field containing the value of its 'traffic' field is added to it. In the second event, the 'total' field is also created, containing the sum of the previous event's 'total' field and the second event's own 'traffic' field. In this way, each event accumulates the 'traffic' values of all previous events. Because each event has a 'timestamp' field, we can find the total traffic value at any point in time.
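
The traffic example above, written out as an added Python sketch; it is not the product's own code. The names `insert_running_total` and `total_at`, the sample events, and the choice to treat a missing, non-numeric or non-finite 'traffic' value as adding nothing are assumptions made for illustration.

```python
import math
from bisect import bisect_right
from datetime import datetime

# Constructed sample events (not from the product); 'traffic' is in megabytes.
EVENTS = [
    {"timestamp": "2024-01-01T10:00:00", "traffic": 120},
    {"timestamp": "2024-01-01T10:05:00", "traffic": "30.5"},  # numeric string
    {"timestamp": "2024-01-01T10:10:00"},                     # field missing
    {"timestamp": "2024-01-01T10:15:00", "traffic": 49.5},
]


def insert_running_total(events, field_name, new_field_name):
    """Yield a copy of each event with the running total of field_name added."""
    total = 0.0
    for event in events:
        try:
            value = float(event[field_name])
        except (KeyError, TypeError, ValueError):
            value = 0.0  # assumption: missing or non-numeric adds nothing
        if not math.isfinite(value):
            value = 0.0  # assumption: NaN/inf must not poison later totals
        total += value
        yield {**event, new_field_name: total}


def total_at(enriched, when, new_field_name="total"):
    """Return the running total as of ISO time `when` (events in time order)."""
    stamps = [datetime.fromisoformat(e["timestamp"]) for e in enriched]
    idx = bisect_right(stamps, datetime.fromisoformat(when))
    return enriched[idx - 1][new_field_name] if idx else 0.0


if __name__ == "__main__":
    enriched = list(insert_running_total(EVENTS, "traffic", "total"))
    for e in enriched:
        print(e)
    print(total_at(enriched, "2024-01-01T10:07:00"))
```

The time lookup relies on the events being in timestamp order, which is also what makes the running total meaningful as "traffic so far".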