Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Errors in percentage when using "top" command?

merethhe
Engager
‎10-09-2014 08:00 AM

I'm performing a very simple search:

type="Workflow model" | top 20 org

My problem is, the number of events does not correspond to the listed percentage. Example: The total number of events is 1 503 929 and there are 649726 events where org=x. This should give a percentage of approximately 43,2. However, Splunk displays the percentage as 44,782654.

Is this merely a rounding problem, or am I missing something?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎10-09-2014 09:24 AM

Top command you posted will return percentage for events where field org is present. Use this and see if percentage matches.

type="Workflow model" org=* | top 20 org

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎10-09-2014 09:24 AM

Top command you posted will return percentage for events where field org is present. Use this and see if percentage matches.

type="Workflow model" org=* | top 20 org
Reply
Solved! Jump to solution

merethhe
Engager
‎10-09-2014 10:45 AM

Of course, that's it. Thanks!

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...