Splunk Search

Calculation based on field matching counts of a value

prabhu_kar
New Member

We have a CSV fields set defined (shortening it here),

Txn,Destination,Status

test1,NY,Pass

test2,NY,Pass

test2,NY,Pass

test2,NY,Pass

test2,NY,Fail

test1,NY,Pass

test2,NY,Pass

test1,NY,Fail

test2,NY,Fail

Destinations vary as well (taking a simpler case)

Trying to get something very simple then will group by Destination later on

TXN SUCCESS FAILURE RATE
test1 count(Status=Pass) count(Status=Fail)/( count(Status=Pass)+count(Status=Fail))

Iam trying stuff but somehow i cant find a way to search in one search two different count values.. not sure if iam trying to do anything complex here

thanks

Prabhu

Tags (2)
0 Karma

MuS
Legend

Hi prabhu_kar

if i get you correct, you can use the following sample to get a count of certain Status field values:

... | stats count(eval(Status=Pass)) as PassCount by Destination

the PassCount is a new field, which is needed and can be used further.

hope this is some kind of helpful

cheers, MuS

0 Karma

prabhu_kar
New Member

Thanks MuS 🙂

0 Karma

landen99
Motivator

Just wondering if

|top limit=0 Status by Destination

doesn't do what you want?

top documentation for the options and the usage for top.

0 Karma

HiroshiSatoh
Champion

How is such a feeling?

・・・・|stats count as All,count(eval(Status="Pass")) as SUCCESS,count(eval(Status="Fail")) as Fail by Txn|eval "FAILURE RATE"=Fail / All | table Txn,SUCCESS,"FAILURE RATE"

prabhu_kar
New Member

Right what I was looking for 🙂

Thanks Hiroshi

0 Karma

MuS
Legend

dammit, you beat me on that - need to index more coffee 🙂

0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...

Edge Processor Scaling, Energy & Manufacturing Use Cases, and More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Get More Out of Your Security Practice With a SIEM

Get More Out of Your Security Practice With a SIEMWednesday, July 31, 2024  |  11AM PT / 2PM ETREGISTER ...