Splunk Dev
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

getting error with stats

jiaqya
Builder
‎03-30-2018 08:37 AM

i have numbers in Yes and Total columns and am trying to get a result using stats . but i keep getting error. not sure how to do this, can you help.

|stats eval(Yes/Total)*100 as Compliance

Error in 'stats' command: The aggregation specifier 'eval(Yes/Total)*100' is invalid. The aggregation specifier must be in func_name format.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

cmerriman
Super Champion
‎03-30-2018 08:53 AM

you cannot use eval inside of a stats command like that. try forming it more like this
|eval Compliance=(Yes/Total)*100)|stats values(Compliance) as Compliance

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

cmerriman
Super Champion
‎03-30-2018 08:53 AM

you cannot use eval inside of a stats command like that. try forming it more like this
|eval Compliance=(Yes/Total)*100)|stats values(Compliance) as Compliance

0 Karma
Reply
Solved! Jump to solution

jiaqya
Builder
‎03-30-2018 09:01 AM

Hi , thanks for your response, i tried what you gave above, but it did not give me the correct output.

the output of Yes, Total and Compliance is below. its already updated. what i am trying is to get the average value of Compliance. if i do avg(compliance) i get a different value and if i do sum(yes)/sum(total)*100 for compliance i get a different value, which is the correct one.

could you help me get the correct average from this table using stats or any other way.

Yes Total Compliance
0 1 0
0 4 0
1 1 100
224 225 99.56
5 5 100
15 15 100
88 92 95.65

0 Karma
Reply
Solved! Jump to solution

cmerriman
Super Champion
‎03-30-2018 09:31 AM

how about something like this?
...|addcoltotals labelfield=Compliance|search Compliance="Total"|eval Compliance=(Yes/Total)*100

i put your data in this table so you can see what i did:

|makeresults|eval data="Yes=0,Total=1,Compliance=0 Yes=0,Total=4,Compliance=0 Yes=1,Total=1,Compliance=100 Yes=224,Total=225,Compliance=99.56 Yes=5,Total=5,Compliance=100 Yes=15,Total=15,Compliance=100 Yes=88,Total=92,Compliance=99.65"|makemv data|mvexpand data|rename data as _raw|kv|table Yes Total Compliance|addcoltotals labelfield=Compliance|search Compliance="Total"|eval Compliance=(Yes/Total)*100
0 Karma
Reply
Solved! Jump to solution

jiaqya
Builder
‎03-31-2018 02:16 PM

it did help me . thanks

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...