Splunk Search

How can I calculate Percentage for multiple fields?

punithsj96
Explorer

I am trying to get percentage value fields for multiple fields by time, and fields are dynamic. How can I calculate? 

search | eval Duration=tostring(round(TimeDiff1), "duration")
| chart count over TimeDiff1 by MaterialNumber
| chart sum(*) as * by TimeDiff1 span=300 

my result is:

TimeDiff1KM50115007V002KM51585489V000KM51585490V000KM51585494V000
0-30024020
300-6000100
600-9000701
900-12000000
1200-15000004
1500-18000000
1800-21000000
2100-24000001

 

But, I want result in below format. 

TimeDiff1KM50115007V002KM51585489V000KM51585490V000KM51585494V000perc(KM50115007V002)perc(KM51585489V000)perc(KM51585490V000)perc(KM51585494V000)
0-3002402010001000
300-6000100012.500
600-9000701087.5016.66666667
900-120000000000
1200-1500000400066.66666667
1500-180000000000
1800-210000000000
2100-2400000100016.66666667

 

0 Karma

SanjayReddy
SplunkTrust
SplunkTrust

Hi @punithsj96 

if you can share sample qurey and exepcetd output we can help you furthur

0 Karma

punithsj96
Explorer

Hi @SanjayReddy ,

I am attaching pic for you reference. Expected out should come in this form. 

0 Karma

gcusello
SplunkTrust
SplunkTrust

Hi @punithsj96,

share your data or searches as text, never as screenshot!

Anyway, can you share your search?

Ciao.

Giuseppe

0 Karma

punithsj96
Explorer

Hi @gcusello , 

I just updated the question, please kindly check the post. 

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...