How do I convert total values as percentages?

jitin_ratra · ‎11-13-2018

I have a query which shows tables as below

I want to get the percentage in the total column instead of decimal numbers. How can i do that?

And, for every row, i want to see what percentage of Chrome browser is being used from Total

The field which determines if a user is using Chrome is a boolean property "IsUsingChrome"=true/false

So, the End result should be something like this.

Region | Currency | Total
AP | KRW | 20%(Chrome)/Other Browsers(80%)
US | usd | 30%(Chrome)/Other Browsers(70%)

I have query like this below so far

search |  mvexpand data.CustomContent |  rex total\"\:(?\d+\.\d+) max_match=0 | spath input=data.CustomContent | stats sum(total) as TOTAL by Region,Currency | sort -TOTAL

I tried to query with examples but no luck. I appreciate any help here!

renjith_nair · ‎11-13-2018

@jitin_ratra,

Try

search | mvexpand data.CustomContent | rex total\"\:(?\d+.\d+) max_match=0 
| spath input=data.CustomContent 
| stats sum(eval(if(IsUsingChrome="true",total,0))) as chrome , sum(total) as TOTAL by Region,Currency 
| eval _perc=round((chrome/TOTAL)/100,2)|eval TOTAL=_perc."%(Chrome)/Other Browsers(". (100-_perc)."%)"|fields - chrome

---
What goes around comes around. If it helps, hit it with Karma 🙂

How do I convert total values as percentages?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?