Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to calculate the percentage of total bytes by app?

jwalzerpitt
Influencer
‎10-25-2022 12:55 PM

I am having a brain fart on trying to figure out how to find the total bytes per application and the the percent of each app by total bytes.

For example:

appbytes in GBpercentage
SSL300GB23%
DNS100GB13%
etcetcetc

 

Current search is this:

 

index=foo 
| eventstats sum(bytes) as total_bytes 
| stats sum(bytes) as total first(total_bytes) as total_bytes by app 
| eval CompliancePct=round(total/total_bytes,2)

 

Any help would be appreciated

Labels (1)
Labels
Tags (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

johnhuang
Motivator
‎10-25-2022 01:18 PM 
<base_search>
| stats sum(bytes) AS bytes by app
| eventstats sum(bytes) AS total_bytes
| eval percentage=ROUND((bytes/total_bytes)*100, 2)." %"
| eval app_size_gb=ROUND(bytes/1073741824, 2)
| eval total_size_gb=ROUND(total_bytes/1073741824, 2)
| table app app_size_gb total_size_gb percentage

View solution in original post

Reply
Solved! Jump to solution
Solution

johnhuang
Motivator
‎10-25-2022 01:18 PM 
<base_search>
| stats sum(bytes) AS bytes by app
| eventstats sum(bytes) AS total_bytes
| eval percentage=ROUND((bytes/total_bytes)*100, 2)." %"
| eval app_size_gb=ROUND(bytes/1073741824, 2)
| eval total_size_gb=ROUND(total_bytes/1073741824, 2)
| table app app_size_gb total_size_gb percentage
Reply
Solved! Jump to solution

jwalzerpitt
Influencer
‎10-25-2022 01:22 PM

TYVM!

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...