Splunk Search

Calculating percentage and placing in a radial gauge

ronmurphy
New Member

I am trying to use a radial gauge to report a percentage. I've built my search and the field that I want to report on has 4 different values.

I have my basic search and then the following:

| stats count by myfield | gauge count by myfield=normal*

which gives me a gauge value of 4, but that only reflects the total different values of the field "severity".

I've tried to place an eval but it doesn't take:

| stats count myfield1 as (search severity=normal) 
| stats count myfield2 as (search severity="*") 
| eval myfield=100*(myfield1/myfield2) 
| gauge myfield 
0 Karma

jwch
Explorer

I used something like this:

search
| dedup ID
| eval breached = if(SLA = "Breached", 1, 0)
| eval active = if(SLA = "Active", 1, 0)
| eval met = if(SLA = "Met", 1, 0)
| eval total = 1
| stats sum(breached) AS sum_breached, sum(active) AS sum_active, sum(met) AS sum_met, sum(total) AS sum_total
| eval perc_breached=((sum_breached/sum_total)*100)
| eval perc_active=((sum_active/sum_total)*100)
| eval perc_met=((sum_met/sum_total)*100)
| gauge perc_met

0 Karma

ronmurphy
New Member

This really helps. Now what I'm trying to do is timechart these percentages; however, the timechart function only seems to work on registered fields.

0 Karma
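
For the follow-up about charting the percentage over time, an added example (not posted by anyone in this thread): it keeps the flag-and-sum approach from the reply above but aggregates per time bucket with timechart, then computes the percentage from the two aggregated columns. The first four lines only generate constructed sample events so the search runs anywhere; the 1-hour span and the field names n, is_normal, total, normal and perc_normal are assumptions, and in practice a real base search such as one on severity=* replaces the generator lines.

```spl
| makeresults count=288
| streamstats count as n
| eval _time = _time - (n * 300)
| eval severity = case(n % 10 == 0, "critical", n % 4 == 0, "high", n % 3 == 0, "low", true(), "normal")
| eval is_normal = if(severity == "normal", 1, 0)
| timechart span=1h count as total sum(is_normal) as normal
| eval perc_normal = round(100 * normal / total, 2)
| fields _time perc_normal
```

The percentage is computed after timechart, so it is an ordinary eval over the per-bucket columns rather than a field that has to exist on the raw events. On real data, a bucket with no events has total=0 and perc_normal comes out null, which shows as a gap in the chart.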

_d_
Splunk Employee

Something like this should work:

index=bar severity=* | eval foo=if(severity=="normal",1,0) | stats count as total, sum(foo) | rename sum(foo) as foo | eval percfoo=100*(foo/total) | gauge percfoo

Hope this helps,

d.
