Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to calculate the percentage of two columns?

ajromero
Path Finder
‎01-25-2021 05:21 PM

Need to calculate the percentage of two columns- I have a search that gives me a total of two columns and I need to get the percentage like this: is what % column "Today" is of column "Grand" 

Here is the search I'm using

Here is the search

`duo_index` extracted_eventtype=authentication NOT auth_log_version=v2 result=SUCCESS | eval factor=if(factor=="n/a",reason,factor) | where factor!="None" and factor!="null" | eval factor=upper(factor) | stats count by factor
| eventstats sum(count) as total |appendpipe [stats sum(count) as "equal"]

|append[search `duo_index` extracted_eventtype=authentication NOT auth_log_version=v2 result=FAILURE | eval factor=if(factor=="n/a",reason,factor) | where factor!="None" and reason!="null" | stats count by reason | eventstats sum(count) as total |appendpipe [stats sum(count) as "total2"] ]
|eval perc=(total2/equal)*100 |table perc equal total2

 

Thank you

Labels (3)
Labels
Tags (4)
0 Karma
Reply

renjith_nair
Legend
‎01-25-2021 08:53 PM

Not sure if it's as simple as

eval perc = (valueA/ValueB)*100

 

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Get Updates on the Splunk Community!

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

New This Month - Observability Updates Give Extended Visibility and Improve User ...

This month is a collection of special news! From Magic Quadrant updates to AppDynamics integrations to ...

Intro to Splunk Synthetic Monitoring

In our last post, we mentioned that the 3 key pieces of observability – metrics, logs, and traces – provide ...