Re: How can I calculate Percentage for multiple fi...

punithsj96 · ‎12-27-2022

I am trying to get percentage value fields for multiple fields by time, and fields are dynamic. How can I calculate?

search | eval Duration=tostring(round(TimeDiff1), "duration")
| chart count over TimeDiff1 by MaterialNumber
| chart sum(*) as * by TimeDiff1 span=300

my result is:

TimeDiff1	KM50115007V002	KM51585489V000	KM51585490V000	KM51585494V000
0-300	24	0	2	0
300-600	0	1	0	0
600-900	0	7	0	1
900-1200	0	0	0	0
1200-1500	0	0	0	4
1500-1800	0	0	0	0
1800-2100	0	0	0	0
2100-2400	0	0	0	1

But, I want result in below format.

TimeDiff1	KM50115007V002	KM51585489V000	KM51585490V000	KM51585494V000	perc(KM50115007V002)	perc(KM51585489V000)	perc(KM51585490V000)	perc(KM51585494V000)
0-300	24	0	2	0	100	0	100	0
300-600	0	1	0	0	0	12.5	0	0
600-900	0	7	0	1	0	87.5	0	16.66666667
900-1200	0	0	0	0	0	0	0	0
1200-1500	0	0	0	4	0	0	0	66.66666667
1500-1800	0	0	0	0	0	0	0	0
1800-2100	0	0	0	0	0	0	0	0
2100-2400	0	0	0	1	0	0	0	16.66666667

SanjayReddy · ‎12-27-2022

Hi @punithsj96

if you can share sample qurey and exepcetd output we can help you furthur

punithsj96 · ‎12-27-2022

Hi @SanjayReddy ,

I am attaching pic for you reference. Expected out should come in this form.

gcusello · ‎12-28-2022

Hi @punithsj96,

share your data or searches as text, never as screenshot!

Anyway, can you share your search?

Ciao.

Giuseppe

punithsj96 · ‎12-28-2022

Hi @gcusello ,

I just updated the question, please kindly check the post.

How can I calculate Percentage for multiple fields?

other

Introducing the Splunk Community Dashboard Challenge!

Wondering How to Build Resiliency in the Cloud?

Updated Data Management and AWS GDI Inventory in Splunk Observability