Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to calcaulate a percentage based on the number of days, which are over 2 days old?

Sfry1981
Communicator
‎02-20-2018 01:50 PM

I have a bunch of values for number of days but I want to write a query that shows the percentage of results that are over 2 days old. I have posted an example below

number of days
1
3
5
6
2

Currently I have Base search | eval percentage = if((days> 2), 1, 0) so this gives me a columns of 1's and 0's but how can I say 0's have this much percentage and 1's have this much percentage based on the joint total of 100%?

Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎02-20-2018 02:04 PM

Try like this

Base search | eval gt2= if((days> 2), 1, 0) | stats count as Total sum(gt2) as gt2 | eval percentage=round(gt2*100/Total,2)

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎02-20-2018 02:04 PM

Try like this

Base search | eval gt2= if((days> 2), 1, 0) | stats count as Total sum(gt2) as gt2 | eval percentage=round(gt2*100/Total,2)
Reply
Solved! Jump to solution

Sfry1981
Communicator
‎02-21-2018 12:42 AM

Thanks @somesoni2. I have been testing and found that it does not come to a full 100% so if i change the search too Base search | eval gt2= if((days< 3), 1, 0) | stats count as Total sum(gt2) as gt2 | eval percentage=round(gt2*100/Total,2) then it shows only 54% so its missing about 8% on the figure. When i do my search as Base search | eval gt2= if((days< 1000), 1, 0) | stats count as Total sum(gt2) as gt2 | eval percentage=round(gt2*100/Total,2) it shows as 91.67%. Do you kn ow what the issue is?

0 Karma
Reply
Solved! Jump to solution

Sfry1981
Communicator
‎02-21-2018 04:43 AM

Ignore me @somesoni2 as there were a couple of values missing in the columns so all correct

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...