Re: Calculation based on field matching counts of ...

prabhu_kar · ‎09-03-2013

We have a CSV fields set defined (shortening it here),

Txn,Destination,Status

test1,NY,Pass

test2,NY,Pass

test2,NY,Pass

test2,NY,Pass

test2,NY,Fail

test1,NY,Pass

test2,NY,Pass

test1,NY,Fail

test2,NY,Fail

Destinations vary as well (taking a simpler case)

Trying to get something very simple then will group by Destination later on

TXN	SUCCESS	FAILURE RATE
test1	count(Status=Pass)	count(Status=Fail)/( count(Status=Pass)+count(Status=Fail))

Iam trying stuff but somehow i cant find a way to search in one search two different count values.. not sure if iam trying to do anything complex here

thanks

Prabhu

MuS · ‎09-03-2013

Hi prabhu_kar

if i get you correct, you can use the following sample to get a count of certain Status field values:

... | stats count(eval(Status=Pass)) as PassCount by Destination

the PassCount is a new field, which is needed and can be used further.

hope this is some kind of helpful

cheers, MuS

prabhu_kar · ‎09-04-2013

Thanks MuS 🙂

landen99 · ‎12-01-2014

Just wondering if

|top limit=0 Status by Destination

doesn't do what you want?

top documentation for the options and the usage for top.

HiroshiSatoh · ‎09-03-2013

How is such a feeling?

････|stats count as All,count(eval(Status="Pass")) as SUCCESS,count(eval(Status="Fail")) as Fail by Txn|eval "FAILURE RATE"=Fail / All | table Txn,SUCCESS,"FAILURE RATE"

prabhu_kar · ‎09-04-2013

Right what I was looking for 🙂

Thanks Hiroshi

MuS · ‎09-03-2013

dammit, you beat me on that - need to index more coffee 🙂

Calculation based on field matching counts of a value

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms