Splunk Search

## How to add percentage on statistic field?

Contributor

Hello,

My search: `index=test sourcetype=traffic | stats sum(A) as A sum(B) as B sum(C) as C sum(D) as D | transpose`

A, B, C, D are numbers, but when I use the top command to show percentages, it calculates the number as name, so the result turns out to be 1, which means 25% each.
How do I add the percentage of each column on the statistics fields?

Note: A, B, C and D are numbers representing network traffic.

1 Solution
Motivator

Perhaps something like this?

```
... | stats sum(A) as A ... | transpose
| rename column as name, "row 1" as count
| eventstats sum(count) as total
| eval percent=100*(count/total)
| fields - total
```
Contributor

Thank you very much!
