Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to get results for how often each alarm type occurs in percentage

marenastrauss
New Member
‎08-30-2019 06:48 AM

I have uploaded alarm logs into Splunk. I would like to be able to show results for how often each alarm type occurs in percentage.

For example, the percentage of total alarms that Alarm 1 makes up and the percentage that Alarm 2 takes up, to see which alarm occurs more.

Thank you!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

renjith_nair
Legend
‎08-30-2019 09:37 AM

@marenastrauss ,

In general , below should work

"your search"|stats count by alarm_type|eventstats sum(count) as total | eval perc=round((count/total)*100)
---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

renjith_nair
Legend
‎08-30-2019 09:37 AM

@marenastrauss ,

In general , below should work

"your search"|stats count by alarm_type|eventstats sum(count) as total | eval perc=round((count/total)*100)
---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Solved! Jump to solution

marenastrauss
New Member
‎08-30-2019 10:55 AM

That worked! I had to do it without round though because then it only gives back 0's. Thank you!

0 Karma
Reply
Solved! Jump to solution

Sukisen1981
Champion
‎08-30-2019 01:30 PM

hi @marenastrauss
Then please accept the answer of @renjith.nair

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...