Splunk Search

Calculation based on field matching counts of a value

prabhu_kar
New Member

We have a CSV fields set defined (shortening it here),

Txn,Destination,Status

test1,NY,Pass

test2,NY,Pass

test2,NY,Pass

test2,NY,Pass

test2,NY,Fail

test1,NY,Pass

test2,NY,Pass

test1,NY,Fail

test2,NY,Fail

Destinations vary as well (taking a simpler case)

Trying to get something very simple then will group by Destination later on

TXN SUCCESS FAILURE RATE
test1 count(Status=Pass) count(Status=Fail)/( count(Status=Pass)+count(Status=Fail))

Iam trying stuff but somehow i cant find a way to search in one search two different count values.. not sure if iam trying to do anything complex here

thanks

Prabhu

Tags (2)
0 Karma

MuS
SplunkTrust
SplunkTrust

Hi prabhu_kar

if i get you correct, you can use the following sample to get a count of certain Status field values:

... | stats count(eval(Status=Pass)) as PassCount by Destination

the PassCount is a new field, which is needed and can be used further.

hope this is some kind of helpful

cheers, MuS

0 Karma

prabhu_kar
New Member

Thanks MuS 🙂

0 Karma

landen99
Motivator

Just wondering if

|top limit=0 Status by Destination

doesn't do what you want?

top documentation for the options and the usage for top.

0 Karma

HiroshiSatoh
Champion

How is such a feeling?

・・・・|stats count as All,count(eval(Status="Pass")) as SUCCESS,count(eval(Status="Fail")) as Fail by Txn|eval "FAILURE RATE"=Fail / All | table Txn,SUCCESS,"FAILURE RATE"

prabhu_kar
New Member

Right what I was looking for 🙂

Thanks Hiroshi

0 Karma

MuS
SplunkTrust
SplunkTrust

dammit, you beat me on that - need to index more coffee 🙂

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) v3.54.0

The Splunk Threat Research Team (STRT) recently released Enterprise Security Content Update (ESCU) v3.54.0 and ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

New Learning Videos on Topics Most Requested by You! Plus This Month’s New Splunk ...

Splunk Lantern is a customer success center that provides advice from Splunk experts on valuable data ...