Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to calculate and display new value in dashboard?

lctanlc
New Member
‎11-22-2016 11:47 PM

I have extracted the "strSearchTm" field as follows:
7,152
25,695
2,247
35,998
54,714
4,084
9,670

Using "convert num(strSearchTm) as numSearchTm | stats count", I displayed the value (which is 7) in the dashboard as the "Total number of searches issued".

Using "convert num(strSearchTm) as numSearchTm | where numSearchTm <= 1000| stats count", I also displayed the value (which is 4) in the dashboard as the "Total number of searches that took not more than 1000ms".

I would like to display a new value called "Percentrank" in the dashboard that is derived from the following formula:
"Percentrank" = ("Total number of searches that took not more than 1000ms" / "Total number of searches issued") * 100

May I know how I can go about doing it?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

PPape
Contributor
‎11-23-2016 04:50 AM

This should do it.

convert num(strSearchTm) as numSearchTm | eval isOK=if('numSearchTm'<= 1000,1,0) | stats count as Total sum(isOK) as isOkTotal | eval Percentrank = (isOkTotal / Total) * 100 | table Total isOkTotal Percentrank

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

PPape
Contributor
‎11-23-2016 04:50 AM

This should do it.

convert num(strSearchTm) as numSearchTm | eval isOK=if('numSearchTm'<= 1000,1,0) | stats count as Total sum(isOK) as isOkTotal | eval Percentrank = (isOkTotal / Total) * 100 | table Total isOkTotal Percentrank
0 Karma
Reply
Get Updates on the Splunk Community!

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Today’s threat landscape is more complex than ever. Security operation centers (SOCs) are overwhelmed with ...

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...