Hi Dal, the UserCount is 0 when I put in the "by widgetId" string but it would compute correctly without it.

Hi Mason,

I get a table like one below. where I only see 1 row and the widgetId column is empty, and I should see 3 rows. thanks

widgetId | ratio
| 0.13

That wasn't mine. 😉 Did you try the one I posted?

sorry Mason misread the name. I tried yours but I just get this table

Success | Failures | ratio
202019 | 267 | 0.13

I think I need to add the "By wigdetId" part

count(eval(Type="ERROR")) as errors by widgetId but if I add that it doesn't work as well

in which field are you capturing the widgetId or "Widget ID"?

you were able to produce results using the widgetId field using your first query right ?
index=tto* Type=ERROR Message="Widget load failed" | stats count(eval(Type="ERROR")) as errors by widgetId

The table shows up as
Widget ID | count
WidgetA | 45
WidgetB | 90

can you try this ?

index=tto* (sourcetype=access method=GET uri_path="index.htm") OR (Type=ERROR Message="Widget load failed") | stats count(eval(uri_path="index.htm")) as UsersCount, count(eval(Type="ERROR")) as errors | eval ratio = round((errors/UsersCount)*100, 2) | table "Widget ID", ratio

Hi mohammed, yes the first query produced the right table, your query produces a table like one below. where I only see 1 row and the widgetId column is empty, and I should see 3 rows.

Success | Failures | ratio
202019 | 267 | 0.13

"Widget ID" and widgetId are the same. sorry typo

hi Hung_Nguyen ,

in which field are you capturing the widgetId or "Widget ID"?

they are the same. I just rename widgetId to "Widget ID" for display purpose

can you paste sample data ?