Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to calculate average and percentage for fields...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ranjitbrhm1
Communicator
04-30-2018
11:30 PM
Good Day splunkers. I have a query where i want to calculate the number of times a name came on the field, the average times the name was used and the percentage of the name in the field. (The below is truncated for understanding)
splunkd 12,786 1.1%
Apache#1 12,094 1.041%
splunk-perfmon 11,788 1.015%
java#3 11,684 1.006%
rotatelogs 11,452 0.986%
svchost#4 11,409 0.982%
perl 11,078 0.954%
emagent 10,821 0.931%
Tomcat7 10,309 0.887%
splunk-regmon 10,274 0.884%
If the field values were numeric I could have counted and summed and created the avg. but when the field value names like above how do I go forward? I have done something similar once with eval but I can't seem to figure this out.
Thanks
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
TISKAR
Builder
05-01-2018
01:47 AM
Can you try this please:
<YourBaseSearch>| stats count by name | eventstats sum(count) as tot | eval pers=round(100*count/tot,2).%
For avg you want calcul the avg by what?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
TISKAR
Builder
05-01-2018
01:47 AM
Can you try this please:
<YourBaseSearch>| stats count by name | eventstats sum(count) as tot | eval pers=round(100*count/tot,2).%
For avg you want calcul the avg by what?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
akarivaratharaj
Communicator
06-28-2018
12:34 AM
How to find out count and average of a text based field for every 1 minute of time span
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FrankVl
Ultra Champion
05-01-2018
01:03 AM
Try something like this:
...your search here...
| eventstats count as namecount by name
| eventstats count as totalcount
| eval percentage=(namecount/totalcount)*100
| fieldformat percentage=percentage."%"
Get Updates on the Splunk Community!
Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps
It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...
What’s New in Splunk Observability – September 2025
What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...
Fun with Regular Expression - multiples of nine
Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...
