Splunk Search

How to get percentage of 200 responses?

sphiwee
Contributor

I have current search 

index="intau_workfusion" host=* sourcetype="services_status.out.log" service="HTTP/1.1" status=* | chart count by status

 

when I run it and save as pie chart I am able to get the percentage of the different status code status's, but I want it in table format and I cant divide by total when doing my eval status as all the other status codes still fall under "status" how can I solve this?

Labels (3)
Tags (1)
0 Karma

sphiwee
Contributor

sorry the first answer was correct,  this is a different issue

heres my query index="intau_workfusion" host=* "crash" | chart count by host status

so I want to be able to display a zero if a host returns no results

0 Karma

sphiwee
Contributor

thank you it's working, i forgot to mention that it has to display 0 for hosts that do not have any results, ive tried fillnull and its not working

0 Karma

ITWhisperer
SplunkTrust
SplunkTrust

OK that puts a different spin on it

| chart count by host status
| addtotals
| eval "200" = 100 * '200'/Total
| fields host 200 Total
| append
    [ <search to list all the hosts you are interested in> ]
| fillnull value=0
| stats sum(*) as * by host

ITWhisperer
SplunkTrust
SplunkTrust
| chart count by status
| eventstats sum(count) as total
| eval percent=100*count/total
Get Updates on the Splunk Community!

Monitoring Postgres with OpenTelemetry

Behind every business-critical application, you’ll find databases. These behind-the-scenes stores power ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...

Splunk Edge Processor | Popular Use Cases to Get Started with Edge Processor

Splunk Edge Processor offers more efficient, flexible data transformation – helping you reduce noise, control ...