Solved: How to create a search that calculates percentage ...

Bliide · ‎06-05-2014

New Splunk user. I am creating web dashboards and I want to calculate the percentage of successful status codes. The logs are IIS. I am trying to create a search that takes the total status codes (sc_status="*") and divides by the successful status codes (sc_status<=400). I am just trying to create a single value quick reference that shows the percentage of success. I know I need to use eval to define the fields but I am having problems understanding how to put the different values together. When I do the following search I get No results found.

| stats count(eval(sc_status="*")) AS total, count(eval(sc_status<=400)) AS success | eval percent_difference=((success/total)*100) | table percent_difference

somesoni2 · ‎06-05-2014

Try this

Your base search | stats count(sc_status) AS total, count(eval(sc_status<=400)) AS success | eval percent_difference=((success/total)100) | table percent_difference

View solution in original post

somesoni2 · ‎06-05-2014

Try this

Your base search | stats count(sc_status) AS total, count(eval(sc_status<=400)) AS success | eval percent_difference=((success/total)100) | table percent_difference

Bliide · ‎06-05-2014

Thanks for the quick reply, working great now!

How to create a search that calculates percentage from 2 different values in the same field.

Your Guide to SPL2 at .conf24!

Get ready to show some Splunk Certification swagger at .conf24!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...