Hi @alakdam,

in this case you have to add the count all the events, something like this:

index::service sourcetype::service "order_tote_analytics" 
| spath "data.order_number" 
| search "data.order_number"=* 
|  spath path=data{}.actual_totes output=finalBox 
| eval countNull=if(finalBox == "{}", "this has value", "this is all null") 
| eventstats count AS total
| search RealData="{}"
| stats count values(total) AS total
| eval average=count/total*100

Ciao.

Giuseppe

@gcusello Thank you very much.  I would love to publish that average value in one single panel. How would I do that.  I did like this 👇🏾👇🏾 but it does not show me average anymore 😔😔

  <panel>
      <single>
        <title>Average Actual Boxes with an empty value</title>
        <search>
          <query>index::service sourcetype::service "order_tote_analytics" | spath "data.order_number" | search "data.order_number"=$orderNumber$ 
| spath path=data{}.actual_totes output=RealData 
| eval countNull=if(RealData == "{}", "this has value", "this is all null") 
| eventstats count AS total
| search RealData="{}"
| stats count values(total) AS total
| eval average=count/total*100</query>
          <earliest>$chosenTimePeriod.earliest$</earliest>
          <latest>$chosenTimePeriod.latest$</latest>
        </search>
        <option name="colorMode">block</option>
        <option name="drilldown">none</option>
        <option name="rangeColors">["0x53a051","0x53a051","0x53a051"]</option>
        <option name="rangeValues">[0,200]</option>
        <option name="refresh.display">progressbar</option>
        <option name="useColors">1</option>
      </single>
    </panel>

Hi @alakdam,

add

| table average

as last row of your search

Ciao.

Giuseppe

Did not help 😔😔😔. Could please copy my panel example and show to me? Also I don't think we need condition. what do you say?

Hi @alakdam,

please try this:

<panel>
      <single>
        <title>Average Actual Boxes with an empty value</title>
        <search>
          <query>index::service sourcetype::service "order_tote_analytics" | spath "data.order_number" | search "data.order_number"=$orderNumber$ 
| spath path=data{}.actual_totes output=RealData 
| eval countNull=if(RealData == "{}", "this has value", "this is all null") 
| eventstats count AS total
| search RealData="{}"
| stats count values(total) AS total
| eval average=count/total*100
| table average</query>
          <earliest>$chosenTimePeriod.earliest$</earliest>
          <latest>$chosenTimePeriod.latest$</latest>
        </search>
        <option name="colorMode">block</option>
        <option name="drilldown">none</option>
        <option name="rangeColors">["0x53a051","0x53a051","0x53a051"]</option>
        <option name="rangeValues">[0,200]</option>
        <option name="refresh.display">progressbar</option>
        <option name="useColors">1</option>
      </single>
    </panel>

Ciao.

Giuseppe

You are legend. As it said in your profile. Thanks a bunch

Hi @alakdam,

I didn't give the definition, but anywaythanks for the compliment!

good for you, see next time!

Please accept one answer for the other people of Community

Ciao and happy splunking

Giuseppe

P.S.: Karma Points are appreciated 😉

I know I am asking a lot. Can you please help me with this Problem? I still don't understand splunk docs

Thank you 🙏🏾