Eval groupping

tahasefiani · ‎03-13-2020

Hello,

This is my query

| loadjob savedsearch="myquery"
| where strftime(_time, "%Y-%m-%d") >= "2020-02-26"
| stats dc(eval(if((STEP=="show"),ID_RF_ATOS,NULL))) AS show,
 dc(eval(if((STEP=="clic"),ID_RF_ATOS,NULL))) AS clic,
 dc(eval(if((STEP=="send"),ID_RF_ATOS,NULL))) AS send by company,city 
| where show>0
| stats sum(show) AS show,sum(clic) AS clic,sum(send) AS send by city
| eval rate= round(((show - (clic+send))/show*100),2)." %"
| table city,show,clic,send,rate

I want to calculate the rate by city and add it to the table

to4kawa · ‎03-13-2020

you already calculate. what's wrong?

tahasefiani · ‎03-13-2020

i don't know what was the problem but now it's works 🙂

to4kawa · ‎03-13-2020

I close your question. OK?

tahasefiani · ‎03-13-2020

yes please

Eval groupping

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Are you a member of the Splunk Community?

Eval groupping

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?