Solved: How to calculate the percentage of total bytes by ...

jwalzerpitt · ‎10-25-2022

I am having a brain fart on trying to figure out how to find the total bytes per application and the the percent of each app by total bytes.

For example:

app	bytes in GB	percentage
SSL	300GB	23%
DNS	100GB	13%
etc	etc	etc

Current search is this:

index=foo 
| eventstats sum(bytes) as total_bytes 
| stats sum(bytes) as total first(total_bytes) as total_bytes by app 
| eval CompliancePct=round(total/total_bytes,2)

Any help would be appreciated

johnhuang · ‎10-25-2022

<base_search>
| stats sum(bytes) AS bytes by app
| eventstats sum(bytes) AS total_bytes
| eval percentage=ROUND((bytes/total_bytes)*100, 2)." %"
| eval app_size_gb=ROUND(bytes/1073741824, 2)
| eval total_size_gb=ROUND(total_bytes/1073741824, 2)
| table app app_size_gb total_size_gb percentage

View solution in original post

johnhuang · ‎10-25-2022

<base_search>
| stats sum(bytes) AS bytes by app
| eventstats sum(bytes) AS total_bytes
| eval percentage=ROUND((bytes/total_bytes)*100, 2)." %"
| eval app_size_gb=ROUND(bytes/1073741824, 2)
| eval total_size_gb=ROUND(total_bytes/1073741824, 2)
| table app app_size_gb total_size_gb percentage

jwalzerpitt · ‎10-25-2022

TYVM!

How to calculate the percentage of total bytes by app?

stats

Streamline Data Ingestion With Deployment Server Essentials

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security ...

Introduction to Splunk AI