Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to display data as percentage?

pranay04
Explorer
‎02-12-2019 03:33 PM

I am using a simple query but want to display the data in percentage, There are 8 different sources for this query but in the dashboard my source is dynamic and input through a drop down and each dropdown has several subgroups and I wanto display the number of events in each source subgroup as %age. For example for below I have

source=123.a/123.b/123.c

and in verbose mode I can see the %age logging for all the source but is there a way to display it in the dashboard?

index=abc host=xyz source= 123*
| stats count by source, host

Tags (1)
0 Karma
Reply

pkeenan87
Communicator
‎02-15-2019 08:18 AM

Try using eventstats in combination with stats, here is an example with data from the internal index:

index=_internal
| stats count by sourcetype
| eventstats sum(count) AS total
| eval pct = round((count / total) * 100 , 2)." %"

0 Karma
Reply

pruthvikrishnap
Contributor
‎02-12-2019 04:29 PM

Try modifying command using eval command

| eval age = round((age/total_age)*100,1)

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...