Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How do I make a Splunk query to get percentage...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How do I make a Splunk query to get percentage by the fields testName and experience?
saifullakhalid
Explorer
12-04-2018
08:58 AM
I tried working on this, but I was unsuccessful. Here is my query and the logs:
Query:
source=“/var/log/*.log” platform testName testId experience | stats count as trafficSplit by platform testId testName experience
Currently, the query works fine but it gives me count, I need in percentage by test name and experience.
For example, for testName=ProductCategorySort, how much % of RR and EVG experience, similarly for testName= ProductPageRedesign, how much percentage of A and B experience.
platform testId testName experience trafficSplit
Internal facet1 facetedLeftNav E1:FACET_OFF 1
Internal pcs1 pcsCategorySort E2:EVG 1
Target 229352:0:0 ProductCategorySort RR 658
Target 229352:1:0 ProductCategorySort EVG 563
Target 234792:0:0 ProductPageRedesign A 5
Target 234792:1:0 ProductPageRedesign. B 1
expected output :
platform testId testName experience Percent trafficSplit
Internal facet1 facetedLeftNav E1:FACET_OFF 50
Internal pcs1 pcsCategorySort E2:EVG 50
Target 229352:0:0 ProductCategorySort RR 50
Target 229352:1:0 ProductCategorySort EVG 60
Target 234792:0:0 ProductPageRedesign A 99
Target 234792:1:0 ProductPageRedesign. B 1
logs:
04 Dec 2018 16:24:46,806 INFO [com.khp.abtest.services.AdobeTargetService] (http-nio-8080-exec-5) {ADOBE_SESSION_ID=798797979, DYN_USER_ID=7668768687, JSESSIONID=jlkjlkjlkjll, MBOX_IDS=[ProductCategorySort], REQUEST_URL=http://perf.company.com/c/gifts-crazy-good-gifts-cat89899?navpath=cat000000_cat000672_cat878787878, THIRDPARTY_ID=UNKNOWN, TLTSID=192636DAhghjgjgjgjhB02F913F1AF7, TNT_ID=f85201bb11d2403ca392b83423298f97.28_97, TRACE_ID=hjhjhjhj-2eaf-429e-a3c0-jbjhjhghgh, TRUE_CLIENT_IP=UNKNOWN} platform="Target",testNames="ProductCategorySort",[testName="ProductCategorySort",testId="229352:0:0",experience="RR"]
04 Dec 2018 16:24:33,979 INFO [com.khp.abtest.services.AdobeTargetService] (http-nio-8080-exec-9) {ADOBE_SESSION_ID=5c20e4764576576570ae4820dd, DYN_USER_ID=878788787, JSESSIONID=gjhghjgjhgjhgj, MBOX_IDS=[ProductCategorySort], REQUEST_URL=http://perf.company.com/c/shoes-all-designerperf.company.com90746?navpath=cat000000_cat000141_cat787878_cat47878, THIRDPARTY_ID=UNKNOWN, TLTSID=jhjhjhjhjhjhjhjhj, TNT_ID=5c20e23085804997b7d81b20ae4820dd.17_70, TRACE_ID=7605fd4c-7a2d-4b3e-b7eb-6f5c8580c0a9, TRUE_CLIENT_IP=UNKNOWN} platform="Target",testNames="ProductCategorySort",[testName="ProductCategorySort",testId="229352:1:0",experience="EVG"]
04 Dec 2018 16:16:20,619 INFO [com.khp.abtest.services.AdobeTargetService] (http-nio-8080-exec-7) {ADOBE_SESSION_ID=0a53b4774f644812896db1daf6ed9a17, DYN_USER_ID=798989 JSESSIONID=jkjlkjljljlkjkl, MBOX_IDS=[truefitABTest,ProductPageRedesign], REQUEST_URL=http://localhost:3000/p/ugg-sequined-sparkles-wool-lined-boot-prod898989?childItemId=NCX20U4_07&adobeQA=1072_pdpred_B, THIRDPARTY_ID=UNKNOWN, TLTSID=jhkjjjkhkhkhk, TNT_ID=hjkhkhjkhjkhkjhk5ded6c83.28_91, TRACE_ID=620d5c39-27c9-8989-a65c-40hjjjjhjb6, TRUE_CLIENT_IP=UNKNOWN} platform="Target",testNames="truefitABTest,ProductPageRedesign",[],[testName="ProductPageRedesign",testId="234792:1:0",experience="B"]
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
bjoernjensen
Contributor
12-04-2018
01:10 PM
Hey,
you might want to have a look into eventstats:
http://docs.splunk.com/Documentation/Splunk/7.2.0/SearchReference/Eventstats
Having some counted stats data by topicA and topicB, you could easily calculate a percentage by topicA:
index = _internal sourcetype=splunkd component=*process*
| stats count by log_level component
| eventstats sum(count) as count_total by component
| eval percent = round((100/count_total)*count,1)
| sort component
| table component log_level percent count
Hope that helps,
Björn
Got questions? Get answers!
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Meet up IRL or virtually!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Get Updates on the Splunk Community!
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...
Splunk Community Badges!
Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...
