Solved: How to calculate successful percentage grouped by ...

csahoo · ‎05-11-2022

somesoni2 · ‎05-11-2022

Give this a try (and may be post your question as text instead of picture next time😁 )

Your Base search
| where status="Received" OR status="Success"
| stats count(eval(status="Received")) as Received count(eval(status="Success")) as Success by sourceNodeCode labelType
| eval SuccessRate=round((Success*100)/ Received,2)
| stats list(labelType) as labelType list(Received) as GenerationCount list(SuccessRate) as "SuccessRate%" by sourceNodeCode

View solution in original post

csahoo · ‎05-13-2022

Thank you very much @ITWhisperer @somesoni2 both the queries are working fine

somesoni2 · ‎05-11-2022

Give this a try (and may be post your question as text instead of picture next time😁 )

Your Base search
| where status="Received" OR status="Success"
| stats count(eval(status="Received")) as Received count(eval(status="Success")) as Success by sourceNodeCode labelType
| eval SuccessRate=round((Success*100)/ Received,2)
| stats list(labelType) as labelType list(Received) as GenerationCount list(SuccessRate) as "SuccessRate%" by sourceNodeCode

ITWhisperer · ‎05-11-2022

How to calculate successful percentage grouped by another field?

chart

count

eval

field extraction

fields

join

lookup

other

stats

subsearch

table

tstats

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?