Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How to display the operation name and percenta...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sujaldalia
New Member
01-11-2017
03:51 PM
For my search result I have 2 columns i.e. operation name & counts. I want to do a pie chart that will contain operation name & percentage of occurence against total records
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
renjith_nair
Legend
01-12-2017
06:49 PM
Try this
index=app-esp SourceSystemID="ESP-SMB" sourcetype="-FrontEnd" (ServiceName="SalesC" )
|stats count by ServiceOperationName
|eventstats sum(count) as total
|eval percentage=((count/total)*100)
|table ServiceOperationName,percentage
---
What goes around comes around. If it helps, hit it with Karma 🙂
What goes around comes around. If it helps, hit it with Karma 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
renjith_nair
Legend
01-12-2017
06:49 PM
Try this
index=app-esp SourceSystemID="ESP-SMB" sourcetype="-FrontEnd" (ServiceName="SalesC" )
|stats count by ServiceOperationName
|eventstats sum(count) as total
|eval percentage=((count/total)*100)
|table ServiceOperationName,percentage
---
What goes around comes around. If it helps, hit it with Karma 🙂
What goes around comes around. If it helps, hit it with Karma 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sujaldalia
New Member
01-16-2017
06:39 PM
This worked perfectly fine. Thanks Renjith
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sujaldalia
New Member
01-12-2017
06:27 AM
Both answer did not work. I'm sure I'm doing something wrong. My 2nd day using splunk 😕
This is my search query
index=app-esp SourceSystemID="ESP-SMB" sourcetype="-FrontEnd" (ServiceName="SalesC" )
and my operation name is ServiceOperationName
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gokadroid
Motivator
01-11-2017
07:52 PM
Something similar to @renjith.nair's query but with label updated with percentage to reflect that without mouse-over.
your base query to return fields operation and count
| eventstats sum(count) as total
|eval percentage=round((count/total)*100,2)
| eval myOperation=operation." : ".percentage."%"
| table myOperation,percentage
Get Updates on the Splunk Community!
New Year, New Changes for Splunk Certifications
As we embrace a new year, we’re making a small but important update to the Splunk Certification ...
Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!
What are Community Office Hours?
Community Office Hours is an interactive 60-minute Zoom series where ...
[Puzzles] Solve, Learn, Repeat: Reprocessing XML into Fixed-Length Events
This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...
