Splunk Search

How do I convert total values as percentages?

jitin_ratra
New Member

I have a query which shows tables as below

alt text

I want to get the percentage in the total column instead of decimal numbers. How can i do that?

And, for every row, i want to see what percentage of Chrome browser is being used from Total

The field which determines if a user is using Chrome is a boolean property "IsUsingChrome"=true/false

So, the End result should be something like this.

Region | Currency | Total
AP | KRW | 20%(Chrome)/Other Browsers(80%)
US | usd | 30%(Chrome)/Other Browsers(70%)

I have query like this below so far

search |  mvexpand data.CustomContent |  rex total\"\:(?\d+\.\d+) max_match=0 | spath input=data.CustomContent | stats sum(total) as TOTAL by Region,Currency | sort -TOTAL

I tried to query with examples but no luck. I appreciate any help here!

Tags (1)
0 Karma

renjith_nair
Legend

@jitin_ratra,

Try

search | mvexpand data.CustomContent | rex total\"\:(?\d+.\d+) max_match=0 
| spath input=data.CustomContent 
| stats sum(eval(if(IsUsingChrome="true",total,0))) as chrome , sum(total) as TOTAL by Region,Currency 
| eval _perc=round((chrome/TOTAL)/100,2)|eval TOTAL=_perc."%(Chrome)/Other Browsers(". (100-_perc)."%)"|fields - chrome
---
What goes around comes around. If it helps, hit it with Karma :slightly_smiling_face:
0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...