Solved: How to create a search that will use values from a...

pahilw · ‎11-16-2016

I have a search that outputs a number of log lines in following table format:

package      |          lineCount
_____________________________
OLD          |            333
NEW          |            120

This is the intermediate state of my data as i am looking for the percent change in number of log lines. Hence, i want to use the values from table and do some calculations for getting percent (for example (120 - 333) / 333 to calculate decrease %). I am not able to figure out how do i extract the values and use them for doing calculations. What command to use, etc?

gokadroid · ‎11-16-2016

Can you try this:

your base query to return the table of package, lineCount
| eval dummy=""
| xyseries dummy, package, lineCount
| eval percentage=(NEW-OLD)/OLD
| table NEW, OLD, percentage

View solution in original post

gokadroid · ‎11-16-2016

Can you try this:

your base query to return the table of package, lineCount
| eval dummy=""
| xyseries dummy, package, lineCount
| eval percentage=(NEW-OLD)/OLD
| table NEW, OLD, percentage

pahilw · ‎11-16-2016

worked like a charm, exactly what i was looking for. Thank you.

How to create a search that will use values from a table to calculate the percentage?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

How to create a search that will use values from a table to calculate the percentage?

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...