Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I edit my search to calculate a percentage using values from a row that have a specific value in a column?

IRHM73
Motivator
‎11-11-2015 11:24 PM

Hi, I wonder whether someone may be able to help me please

I'm using the search below to produce the screenshot as shown in the attachment:

index=main auditSource=frontend auditType=Survey detail.overall!="None" 
| replace frontend with "Overall Satisfaction" 
| rename detail.overall As "Rating" 
| replace 1 with "Very Satisfied", 2 with "Satisfied", 3 with "Neither", 4 with "Dissatisfied", 5 with "Very Dissatisfied" 
|  chart count by Rating 
| eval "Rating Score"=case(Rating="Very Satisfied", 100, Rating="Satisfied", 75 , Rating="Neither", 50, Rating="Dissatisfied", 25, Rating="Very Dissatisfied", 0 , 1=1, 0) 
| addcoltotals | fillnull value="Total" | rename count as "Total Replies" 
| table "Rating", "Total Replies", "Rating Score"
| eval "Rating Calculation" = 'Total Replies' * 'Rating Score'

alt text

I don't even know whether this possible, but what I'd like to do is perform the following calculation using only the "Total" row figures.

Rating Calculation / Total Replies and formatted to a percentage with one decimal point.

I've spent a couple of days searching the web to see if I can find suitable solutions without any success.

NB. I will be putting this is a dashboard if it helps.

I just wondered whether someone may be able to look at this please and offer some guidance on how I may be able to achieve this.

Many thanks and kind regards

Chris

Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

lguinn2
Legend
‎11-11-2015 11:44 PM

At the end of your search, add the following line

| eval Percentage=if(Rating=="Total",tostring(round('Rating Calculation' *100 / 'Total Replies',1)) + "%",null())

View solution in original post

Reply
Solved! Jump to solution
Solution

lguinn2
Legend
‎11-11-2015 11:44 PM

At the end of your search, add the following line

| eval Percentage=if(Rating=="Total",tostring(round('Rating Calculation' *100 / 'Total Replies',1)) + "%",null())
Reply
Solved! Jump to solution

IRHM73
Motivator
‎11-12-2015 12:07 AM

HI @iguinn, thank you very much for taking the time to come back to me with this.

I needed to make a very minor tweak changing *100 to 1 and it works great.

Once many thanks for your help and kind regards

Chris

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...