Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to calculate the percentage of two columns?

ajromero
Path Finder
‎01-25-2021 05:21 PM

Need to calculate the percentage of two columns- I have a search that gives me a total of two columns and I need to get the percentage like this: is what % column "Today" is of column "Grand" 

Here is the search I'm using

Here is the search

`duo_index` extracted_eventtype=authentication NOT auth_log_version=v2 result=SUCCESS | eval factor=if(factor=="n/a",reason,factor) | where factor!="None" and factor!="null" | eval factor=upper(factor) | stats count by factor
| eventstats sum(count) as total |appendpipe [stats sum(count) as "equal"]

|append[search `duo_index` extracted_eventtype=authentication NOT auth_log_version=v2 result=FAILURE | eval factor=if(factor=="n/a",reason,factor) | where factor!="None" and reason!="null" | stats count by reason | eventstats sum(count) as total |appendpipe [stats sum(count) as "total2"] ]
|eval perc=(total2/equal)*100 |table perc equal total2

 

Thank you

Labels (3)
Labels
Tags (4)
0 Karma
Reply

renjith_nair
Legend
‎01-25-2021 08:53 PM

Not sure if it's as simple as

eval perc = (valueA/ValueB)*100

 

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Get Updates on the Splunk Community!

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...