Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Percentage of Indexes’ logs in 24 hours.

SabariRajanT
Path Finder
‎09-23-2020 01:46 AM

Can someone help me to identify Percentage of Indexes’ logs in 24 hours.?

I have pulled using count like this :index=* earliest=-24h@h latest=now | stats count by index

But need this in Percentage.

Labels (1)
Labels
Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎09-23-2020 01:56 AM 
index=* earliest=-24h@h latest=now 
| stats count by index
| eventstats sum(count) as total
| eval percent=round((count * 100) / total, 2)
| fields - total

View solution in original post

Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎09-23-2020 01:56 AM 
index=* earliest=-24h@h latest=now 
| stats count by index
| eventstats sum(count) as total
| eval percent=round((count * 100) / total, 2)
| fields - total
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Updates (ESCU) - New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 3 releases of new content via the Enterprise ...

Thought Leaders are Validating Your Hard Work and Training Rigor

As a Splunk enthusiast and member of the Splunk Community, you are one of thousands who recognize the value of ...

.conf23 Registration is Now Open!

Time to toss the .conf-etti 🎉 —  .conf23 registration is open!   Join us in Las Vegas July 17-20 for ...