Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to edit my stats count search to chart a percentage trend over time?

sidekix24
Path Finder
‎02-19-2016 11:38 AM

Hi,

I have the search below that displays an availability percentage for me, but now I'm looking to time chart that percentage to show a trend of the availability percentage over time. I'm thinking that the issue I'm having is that once you use count, that does a count over the selected time so it wraps up everything into that one percentage. 

| stats count(eval(Login_Status)) AS Total count(eval(Login_Status=302 AND Recruiter_Status=200 AND QuickSearch_Status=200)) AS Success | eval Division=Success/Total | eval Percent=round ((Division)*100,2) | eval Final=Percent + "%" | table Percent

Anyone have any suggestions or ideas to try?

Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

vasildavid
Path Finder
‎02-19-2016 01:33 PM

Use buckets and break your stats down by _time.

| bucket _time span=5m 
  | stats count(eval(Login_Status)) AS Total, count(eval(Login_Status=302 AND Recruiter_Status=200 AND QuickSearch_Status=200)) AS Success by _time 
  | eval Division=Success/Total 
  | eval Percent=round ((Division)*100,2) 
  | eval Final=Percent + "%" 
  | table _time, Percent

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

vasildavid
Path Finder
‎02-19-2016 01:33 PM

Use buckets and break your stats down by _time.

| bucket _time span=5m 
  | stats count(eval(Login_Status)) AS Total, count(eval(Login_Status=302 AND Recruiter_Status=200 AND QuickSearch_Status=200)) AS Success by _time 
  | eval Division=Success/Total 
  | eval Percent=round ((Division)*100,2) 
  | eval Final=Percent + "%" 
  | table _time, Percent
0 Karma
Reply
Solved! Jump to solution

sidekix24
Path Finder
‎02-22-2016 11:34 AM

Thanks vasildavid!!! That did the trick

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...