topic How do I perform math against two searches? in Splunk Search https://community.splunk.com/t5/Splunk-Search/How-do-I-perform-math-against-two-searches/m-p/439754#M167678 <P>I have two searches that use the same index and each return a numerical total, differing only in the period of time of the data they look at. How would I perform math on the search results for example adding or calculating percentages? </P> Thu, 30 Aug 2018 14:01:12 GMT mo86 2018-08-30T14:01:12Z How do I perform math against two searches? https://community.splunk.com/t5/Splunk-Search/How-do-I-perform-math-against-two-searches/m-p/439754#M167678 <P>I have two searches that use the same index and each return a numerical total, differing only in the period of time of the data they look at. How would I perform math on the search results for example adding or calculating percentages? </P> Thu, 30 Aug 2018 14:01:12 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-perform-math-against-two-searches/m-p/439754#M167678 mo86 2018-08-30T14:01:12Z Re: How do I perform math against two searches? https://community.splunk.com/t5/Splunk-Search/How-do-I-perform-math-against-two-searches/m-p/439755#M167679 <P>maybe, could you write the 2 queries please.. </P> Thu, 30 Aug 2018 14:54:57 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-perform-math-against-two-searches/m-p/439755#M167679 inventsekar 2018-08-30T14:54:57Z Re: How do I perform math against two searches? https://community.splunk.com/t5/Splunk-Search/How-do-I-perform-math-against-two-searches/m-p/439756#M167680 <P>index=data NOT ID="<EM>" earliest=-1d@d latest=-0d@d | regex name!="[a-z].</EM>"| dedup id | stats count</P> <P>index=data NOT ID="<EM>" earliest=-0d@d latest=now | regex name!="[a-z].</EM>"| dedup id | stats count</P> Thu, 30 Aug 2018 14:57:53 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-perform-math-against-two-searches/m-p/439756#M167680 mo86 2018-08-30T14:57:53Z Re: How do I perform math against two searches? https://community.splunk.com/t5/Splunk-Search/How-do-I-perform-math-against-two-searches/m-p/439757#M167681 <PRE><CODE>| makeresults | fields - _time | eval Total1=[search index=data NOT ID="" earliest=-1d@d latest=-0d@d | regex name!="[a-z]."| dedup id | stats count | return $count] | eval Total2=[search index=data NOT ID="" earliest=-0d@d latest=now | regex name!="[a-z]."| dedup id | stats count | return $count] | eval FullTotal=Total1+Total2 | eval percentage=((Total1/FullTotal)*100) </CODE></PRE> Thu, 30 Aug 2018 15:12:21 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-perform-math-against-two-searches/m-p/439757#M167681 inventsekar 2018-08-30T15:12:21Z Re: How do I perform math against two searches? https://community.splunk.com/t5/Splunk-Search/How-do-I-perform-math-against-two-searches/m-p/439758#M167682 <P>Thank you, that works great!</P> Thu, 30 Aug 2018 15:25:33 GMT https://community.splunk.com/t5/Splunk-Search/How-do-I-perform-math-against-two-searches/m-p/439758#M167682 mo86 2018-08-30T15:25:33Z