Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Calculation based on field matching counts of a va...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Calculation based on field matching counts of a value
prabhu_kar
New Member
09-03-2013
09:37 PM
We have a CSV fields set defined (shortening it here),
Txn,Destination,Status
test1,NY,Pass
test2,NY,Pass
test2,NY,Pass
test2,NY,Pass
test2,NY,Fail
test1,NY,Pass
test2,NY,Pass
test1,NY,Fail
test2,NY,Fail
Destinations vary as well (taking a simpler case)
Trying to get something very simple then will group by Destination later on
| TXN | SUCCESS | FAILURE RATE |
|---|---|---|
| test1 | count(Status=Pass) | count(Status=Fail)/( count(Status=Pass)+count(Status=Fail)) |
Iam trying stuff but somehow i cant find a way to search in one search two different count values.. not sure if iam trying to do anything complex here
thanks
Prabhu
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MuS
Legend
09-03-2013
11:24 PM
Hi prabhu_kar
if i get you correct, you can use the following sample to get a count of certain Status field values:
... | stats count(eval(Status=Pass)) as PassCount by Destination
the PassCount is a new field, which is needed and can be used further.
hope this is some kind of helpful
cheers, MuS
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
prabhu_kar
New Member
09-04-2013
03:35 AM
Thanks MuS 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
landen99
Motivator
12-01-2014
08:49 AM
Just wondering if
|top limit=0 Status by Destination
doesn't do what you want?
top documentation for the options and the usage for top.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HiroshiSatoh
Champion
09-03-2013
11:18 PM
How is such a feeling?
・・・・|stats count as All,count(eval(Status="Pass")) as SUCCESS,count(eval(Status="Fail")) as Fail by Txn|eval "FAILURE RATE"=Fail / All | table Txn,SUCCESS,"FAILURE RATE"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
prabhu_kar
New Member
09-04-2013
03:35 AM
Right what I was looking for 🙂
Thanks Hiroshi
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MuS
Legend
09-03-2013
11:27 PM
dammit, you beat me on that - need to index more coffee 🙂
Get Updates on the Splunk Community!
Now Playing: Splunk Education Summer Learning Premieres
It’s premiere season, and Splunk Education is rolling out new releases you won’t want to miss. Whether you’re ...
The Visibility Gap: Hybrid Networks and IT Services
The most forward thinking enterprises among us see their network as much more than infrastructure – it's their ...
Get Operational Insights Quickly with Natural Language on the Splunk Platform
In today’s fast-paced digital world, turning data into actionable insights is essential for success. With ...
