Solved: How do you get multiple percentage results in one ...

stephenmeyers · ‎02-15-2019

I would like to report the total number games played per team, and the percentage of wins, losses, and ties by team. Example data:

team=A result=win
team=A result=loss
team=B result=win
team=B result=win
team=B result=tie
team=A result=loss
team=B result=win

Desired Splunk output:

Team    Games Played    Win %    Loss %    Tie %
A       3               33%      66%       0%
B       4               75%      0%        25%

vnravikumar · ‎02-15-2019

Hi @stephenmeyers

Try this, considered column name asTeam,Result in index

your query...| stats count as played, count(eval(Result=="win")) as win,count(eval(Result=="loss")) as loss,count(eval(Result=="tie")) as tie by Team 
| eval loss=round(loss/played*100,2)."%", win=round(win/played*100,2)."%", tie=round(tie/played*100,2)."%" 
| rename played as "Game Played", win as "Win%", loss as "Loss%", tie as "Tie%"

View solution in original post

vnravikumar · ‎02-15-2019

Hi @stephenmeyers

Try this, considered column name asTeam,Result in index

your query...| stats count as played, count(eval(Result=="win")) as win,count(eval(Result=="loss")) as loss,count(eval(Result=="tie")) as tie by Team 
| eval loss=round(loss/played*100,2)."%", win=round(win/played*100,2)."%", tie=round(tie/played*100,2)."%" 
| rename played as "Game Played", win as "Win%", loss as "Loss%", tie as "Tie%"

How do you get multiple percentage results in one table?

What the End of Support for Splunk Add-on Builder Means for You

Solve, Learn, Repeat: New Puzzle Channel Now Live

Building Reliable Asset and Identity Frameworks in Splunk ES

Are you a member of the Splunk Community?

How do you get multiple percentage results in one table?

What the End of Support for Splunk Add-on Builder Means for You

Solve, Learn, Repeat: New Puzzle Channel Now Live

Building Reliable Asset and Identity Frameworks in Splunk ES