Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Get % values out of a query

angersleek
Path Finder
‎04-14-2020 06:37 AM

I have the following query. The key TEST_DECISION has 4x possible outcomes. CALL_FAILED, VALID, INVALID, NOT_CALLED.

ns=test* TEST_DECISION
PRODUCT IN (SAMPLE_123)
| timechart span=5m limit=0 count by TEST_DECISION

The output is as follows: 

_time                             CALL_FAILED                 VALID             INVALID NOT_CALLED
2020-04-14T05:50:00.000-0700       11                           83                   7                  46
2020-04-14T05:55:00.000-0700       6                            60                   6                  42
2020-04-14T06:00:00.000-0700       8                            78                   19                 55
2020-04-14T06:05:00.000-0700       11                           86                   19                 59
2020-04-14T06:10:00.000-0700       10                           94                    17                    71
2020-04-14T06:15:00.000-0700       8                            67                    17                    63
2020-04-14T06:20:00.000-0700       2                            19                     4                    17

Is there a way I could show % instead? I only care about VALID and INVALID.
Thus I want to get the following instead.

For first row 100% will be 83(valid) + 7(invalid)

Thus I want to achieve following

VALID    INVALID
92.22%  7.77%

Please advice if there is a way I could achieve this. Thank you.

Tags (1)
Reply
1 Solution
Solved! Jump to solution
Solution

skoelpin
SplunkTrust
SplunkTrust
‎04-14-2020 06:59 AM

Add this 

| eval total= VALID+INVALID
| eval Valid_Percent=round(VALID/total,4)*100
| eval Invalid_Percent=round(INVALID/total,4)*100
| fields - total

View solution in original post

Reply
Solved! Jump to solution
Solution

skoelpin
SplunkTrust
SplunkTrust
‎04-14-2020 06:59 AM

Add this 

| eval total= VALID+INVALID
| eval Valid_Percent=round(VALID/total,4)*100
| eval Invalid_Percent=round(INVALID/total,4)*100
| fields - total
Reply
Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...