Splunk Search

Calculating percentage and placing in a radial gauge

ronmurphy
New Member

I am trying to a radial gauge to report a percentage. I've built my search and the field that I want to report on has 4 different values.

I have my basic search and then the following:

| stats count by myfield | gauge count by myfield=normal*

which gives me a gauge value of 4 but that only reflect the total different values of the field "severity".

I've tried to place an eval but it doesn't take

| stats count myfield1 as (search severity=normal) 
| stats count myfield2 as (search severity="*") 
| eval myfield=100*(myfield1/myfield2) 
| gauge myfield 
Tags (1)
0 Karma

jwch
Explorer

I used something like this:

search
| dedup ID
| eval breached = if(SLA = "Breached", 1, 0)
| eval active = if(SLA = "Active", 1, 0)
| eval met = if(SLA = "Met", 1, 0)
| eval total = 1
| stats sum(breached) AS sum_breached, sum(active) AS sum_active, sum(met) AS sum_met, sum(total) AS sum_total
| eval perc_breached=((sum_breached/sum_total)*100)
| eval perc_active=((sum_active/sum_total)*100)
| eval perc_met=((sum_met/sum_total)*100)
| gauge perc_met

0 Karma

ronmurphy
New Member

This really helps. Now what I'm trying to do is timechart these percentages, however the timechart function only seems to work on registered fields.

0 Karma

_d_
Splunk Employee
Splunk Employee

Something like this should work:

index=bar severity=* | eval foo=if(severity=="normal",1,0) | stats count as total, sum(foo) | rename sum(foo) as foo | eval percfoo=100*(foo/total) | gauge percfoo

Hope this helps,

d.

Get Updates on the Splunk Community!

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Register today and join TekStream on Tuesday, February 28 at 11am PT/2pm ET for a demonstration of Splunk ...

Instrumenting Java Websocket Messaging

Instrumenting Java Websocket MessagingThis article is a code-based discussion of passing OpenTelemetry trace ...

Announcing General Availability of Splunk Incident Intelligence!

Digital transformation is real! Across industries, companies big and small are going through rapid digital ...