Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Get percentage after case and stats calculations

dwong2
New Member
‎05-07-2018 11:34 AM

...search
| eval Type=case(like(publishId,"%U"),"UnSubscribed",like(publishId,"%S"),"Subscribed")
| stats dc(accountExId) as TotalAccounts count(tile) as count by Type

How do I get a percentage after the above results?
If Subscribed: eval round(count/TotalAccounts*100,2)
If UnSubscribed: eval round(count/totalAccounts*100,2)

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎05-07-2018 11:52 AM

Try like this

...search
| eval Type=case(like(publishId,"%U"),"UnSubscribed",like(publishId,"%S"),"Subscribed") 
| stats dc(accountExId) as TotalAccounts count(tile) as count by Type
| eval Percentage=round(count/TotalAccounts*100,2)

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎05-07-2018 11:52 AM

Try like this

...search
| eval Type=case(like(publishId,"%U"),"UnSubscribed",like(publishId,"%S"),"Subscribed") 
| stats dc(accountExId) as TotalAccounts count(tile) as count by Type
| eval Percentage=round(count/TotalAccounts*100,2)
0 Karma
Reply
Solved! Jump to solution

dwong2
New Member
‎05-07-2018 02:59 PM

Just checked the calculations and something is off with my calc's..
For the count(tile) as count by Type:
...this is the data:
accountId=12345678
tile=tile1

accountId=87654321
tile=tile2

accountId=12345678
tile=tile3

How can I get the distinct count for accountId? For the above example, I only want to count accountId twice because all I care about is if the accountId has at least one entry for tile... so the count should be only 2.

0 Karma
Reply
Solved! Jump to solution

dwong2
New Member
‎05-07-2018 01:31 PM

Didn't know that the eval Percentage would calculate for both Subscribed and UnSubscribed with one statement. Thought that I would have to explicitly call it out. Anyways, works like a charm. Thank You!

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎05-07-2018 01:37 PM

Yes.. with stats command, both values are coming under single field 'Type', so single eval (which is done for each row) is sufficient.

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...