Solved: How to calculate and display new value in dashboar...

lctanlc · ‎11-22-2016

I have extracted the "strSearchTm" field as follows:
7,152
25,695
2,247
35,998
54,714
4,084
9,670

Using "convert num(strSearchTm) as numSearchTm | stats count", I displayed the value (which is 7) in the dashboard as the "Total number of searches issued".

Using "convert num(strSearchTm) as numSearchTm | where numSearchTm <= 1000| stats count", I also displayed the value (which is 4) in the dashboard as the "Total number of searches that took not more than 1000ms".

I would like to display a new value called "Percentrank" in the dashboard that is derived from the following formula:
"Percentrank" = ("Total number of searches that took not more than 1000ms" / "Total number of searches issued") * 100

May I know how I can go about doing it?

PPape · ‎11-23-2016

This should do it.

convert num(strSearchTm) as numSearchTm | eval isOK=if('numSearchTm'<= 1000,1,0) | stats count as Total sum(isOK) as isOkTotal | eval Percentrank = (isOkTotal / Total) * 100 | table Total isOkTotal Percentrank

View solution in original post

PPape · ‎11-23-2016

This should do it.

convert num(strSearchTm) as numSearchTm | eval isOK=if('numSearchTm'<= 1000,1,0) | stats count as Total sum(isOK) as isOkTotal | eval Percentrank = (isOkTotal / Total) * 100 | table Total isOkTotal Percentrank

How to calculate and display new value in dashboard?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor