Solved: How to Calculate the Percentage of each entry

Sentira · ‎09-09-2021

I have the following SPL and I want to show table below. The value of Total must be equal to count of events (1588). How can I pur the total count of events into Total variable?

index=abc
| stats count as Count by reason_code
| where reason_code != "false"
| addtotals col=t labelfield=reason_code label="Retrieval task cancelled" fieldname="Percentage"
| eval "Percentage"= round((Count/Total) * 100,2)."%"

isoutamo · ‎09-09-2021

Hi

Did this help you?

index=abc 
| stats count as Count by reason_code
| eventstats sum(Count) as Total 
| where reason_code != "false"
| addtotals col=t labelfield=reason_code label="Retrieval task cancelled" fieldname="Percentage"
| eval "Percentage"= round((Count/Total) * 100,2)."%"

r. Ismo

View solution in original post

isoutamo · ‎09-09-2021

Hi

Did this help you?

index=abc 
| stats count as Count by reason_code
| eventstats sum(Count) as Total 
| where reason_code != "false"
| addtotals col=t labelfield=reason_code label="Retrieval task cancelled" fieldname="Percentage"
| eval "Percentage"= round((Count/Total) * 100,2)."%"

r. Ismo

Sentira · ‎09-10-2021

Hi Ismo,

your solution works. Thanks! 🙂

How to Calculate the Percentage of each entry

count

stats

subsearch

table

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Are you a member of the Splunk Community?