## Keeps a running total of a specified numeric field.

The general syntax of the "accum" command in Splunk is:

```
accum <field> [ AS <newfield> ]
```

Example:

```
index=_internal
| accum timestartpos AS "New_Field"
| table "timestartpos","New_Field"
```

Result:

| timestartpos | New_Field | Calculation |
|---|---|---|
| 15 | 15 | Step 1: timestartpos = 15, New_Field = 15 |
| 0 | 15 | Step 2: timestartpos = 0, New_Field = (New_Field + 0) = 15 + 0 = 15 |
| 0 | 15 | Step 3: timestartpos = 0, New_Field = (New_Field + 0) = 15 + 0 = 15 |
| 20 | 35 | Step 4: timestartpos = 20, New_Field = (New_Field + 20) = 15 + 20 = 35 |
| 10 | 45 | Step 5: timestartpos = 10, New_Field = (New_Field + 10) = 35 + 10 = 45 |

Explanation

As the title says, "accum" keeps a running total of a specified numeric field.
In the query above, "New_Field" is the new numeric field that gets created
and holds the running total of "timestartpos". In the first row, the value of
"New_Field" is 15, which is the value of "timestartpos". In the second row,
the value of "New_Field" is calculated as:

"timestartpos" (second row) + "New_Field" (first row), i.e., 0 + 15 = 15.

The same calculation repeats for every following row.
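Because index=_internal returns different events on every system, the following added example (not part of the original post) rebuilds the five sample values with "makeresults" so the running total can be reproduced exactly. The helper field "row" and the comparison column "streamstats_total" are names chosen for this example; the sample values are constructed to match the result table, and "streamstats sum()" is included only to show that it yields the same running total.

```spl
| makeresults count=5
| streamstats count AS row
| eval timestartpos=case(row=1, 15, row=2, 0, row=3, 0, row=4, 20, row=5, 10)
| accum timestartpos AS New_Field
| streamstats sum(timestartpos) AS streamstats_total
| table row timestartpos New_Field streamstats_total
```

Both "New_Field" and "streamstats_total" should read 15, 15, 15, 35, 45. "accum" has no BY clause, so use "streamstats ... BY <field>" when a separate running total per host or per user is needed.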

Now you can use the "accum" command in your daily work to meet your requirements!

Hope you are now comfortable with the usage of the Splunk command: ACCUM

HAPPY SPLUNKING !!