Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to addcoltotals the percentage of StatusCodes by index?

edookati
Path Finder
‎03-09-2015 08:24 AM

I am using the below query to get the status codes of different applications which have one common functionality...I need to add the % by index.. Can someone please help me?
Thanks.

index=* sourcetype=access* URL="/bankapi/accounts/*/transactions/*/checkimages*" | top StatusCode by index

Below are the results...

index          StatusCode    count  percent
bankapi_logs    200             616       98.402556
bankapi_logs    500             10     1.597444
olb_logs        200             5563     98.338342
olb_logs        500             52     0.919215
olb_logs        404             32     0.565671
olb_logs        503             10     0.176772

I need something like this...

index          StatusCode    count   percent

bankapi_logs    200             616        98.402556
bankapi_logs    500             10      1.597444
BankAPI.Total                               100

olb_logs         200            5563      98.338342
olb_logs        500             52      0.919215
olb_logs         404            32      0.565671
olb_logs         503            10      0.176772 
OLB.Total                                   100
Reply
1 Solution
Solved! Jump to solution
Solution

acharlieh
Influencer
‎03-09-2015 12:16 PM

You could use appendpipe to use stats to add the statistics rows like this:

<existing query> | appendpipe [stats sum(percent) as percent by index] | sort index

View solution in original post

Reply
Solved! Jump to solution
Solution

acharlieh
Influencer
‎03-09-2015 12:16 PM

You could use appendpipe to use stats to add the statistics rows like this:

<existing query> | appendpipe [stats sum(percent) as percent by index] | sort index
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎03-09-2015 12:34 PM

Version with more close to your expected format

index=* sourcetype=access* URL="/bankapi/accounts/*/transactions/*/checkimages*" | top StatusCode by index | appendpipe [stats sum(percent) as percent by index | eval index=upper(index)."_Total" | eval percent=round(percent)] | sort index
Reply
Solved! Jump to solution

edookati
Path Finder
‎03-10-2015 11:07 AM

Thanks a lot.

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...