Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I edit my search to calculate a percentage using values from a row that have a specific value in a column?

IRHM73
Motivator
‎11-11-2015 11:24 PM

Hi, I wonder whether someone may be able to help me please

I'm using the search below to produce the screenshot as shown in the attachment:

index=main auditSource=frontend auditType=Survey detail.overall!="None" 
| replace frontend with "Overall Satisfaction" 
| rename detail.overall As "Rating" 
| replace 1 with "Very Satisfied", 2 with "Satisfied", 3 with "Neither", 4 with "Dissatisfied", 5 with "Very Dissatisfied" 
|  chart count by Rating 
| eval "Rating Score"=case(Rating="Very Satisfied", 100, Rating="Satisfied", 75 , Rating="Neither", 50, Rating="Dissatisfied", 25, Rating="Very Dissatisfied", 0 , 1=1, 0) 
| addcoltotals | fillnull value="Total" | rename count as "Total Replies" 
| table "Rating", "Total Replies", "Rating Score"
| eval "Rating Calculation" = 'Total Replies' * 'Rating Score'

alt text

I don't even know whether this possible, but what I'd like to do is perform the following calculation using only the "Total" row figures.

Rating Calculation / Total Replies and formatted to a percentage with one decimal point.

I've spent a couple of days searching the web to see if I can find suitable solutions without any success.

NB. I will be putting this is a dashboard if it helps.

I just wondered whether someone may be able to look at this please and offer some guidance on how I may be able to achieve this.

Many thanks and kind regards

Chris

Preview file
21 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

lguinn2
Legend
‎11-11-2015 11:44 PM

At the end of your search, add the following line

| eval Percentage=if(Rating=="Total",tostring(round('Rating Calculation' *100 / 'Total Replies',1)) + "%",null())

View solution in original post

Reply
Solved! Jump to solution
Solution

lguinn2
Legend
‎11-11-2015 11:44 PM

At the end of your search, add the following line

| eval Percentage=if(Rating=="Total",tostring(round('Rating Calculation' *100 / 'Total Replies',1)) + "%",null())
Reply
Solved! Jump to solution

IRHM73
Motivator
‎11-12-2015 12:07 AM

HI @iguinn, thank you very much for taking the time to come back to me with this.

I needed to make a very minor tweak changing *100 to 1 and it works great.

Once many thanks for your help and kind regards

Chris

0 Karma
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...