Splunk Search

## Calculation based on field matching counts of a value

We have a CSV fields set defined (shortening it here),

Txn,Destination,Status

test1,NY,Pass

test2,NY,Pass

test2,NY,Pass

test2,NY,Pass

test2,NY,Fail

test1,NY,Pass

test2,NY,Pass

test1,NY,Fail

test2,NY,Fail

Destinations vary as well (taking a simpler case)

Trying to get something very simple then will group by Destination later on

TXN SUCCESS FAILURE RATE
test1 count(Status=Pass) count(Status=Fail)/( count(Status=Pass)+count(Status=Fail))

Iam trying stuff but somehow i cant find a way to search in one search two different count values.. not sure if iam trying to do anything complex here

thanks

Prabhu

Hi prabhu_kar

if i get you correct, you can use the following sample to get a `count` of certain Status field values:

``````... | stats count(eval(Status=Pass)) as PassCount by Destination
``````

the `PassCount` is a new field, which is needed and can be used further.

hope this is some kind of helpful

cheers, MuS

Thanks MuS 🙂

Just wondering if

``````|top limit=0 Status by Destination
``````

doesn't do what you want?

top documentation for the options and the usage for top.

How is such a feeling?

････|stats count as All,count(eval(Status="Pass")) as SUCCESS,count(eval(Status="Fail")) as Fail by Txn|eval "FAILURE RATE"=Fail / All | table Txn,SUCCESS,"FAILURE RATE"

Right what I was looking for 🙂

Thanks Hiroshi

dammit, you beat me on that - need to index more coffee 🙂

