Solved: How to perform mathematical calculations based off...

gdorman619 · ‎08-02-2019

Hello,

I'm new to Splunk and I'm having trouble with the following line of code. I think what I'm trying to do is pretty self-explanatory. Essentially the data I'm working with is one column and the values in the column are "0" or "1".
Any help would be greatly appreciated. Thank you!

| stats sum(ACCESS_REVIEW_COMPLETE) \ count(ACCESS_REVIEW_COMPLETE)

niketn · ‎08-02-2019

@gdorman619 try the following search ratio field will have required output.

<yourCurrentSearch>
| stats sum(ACCESS_REVIEW_COMPLETE) as sum count(ACCESS_REVIEW_COMPLETE) as count
| eval ratio=round(sum/count,2)

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

niketn · ‎08-02-2019

@gdorman619 try the following search ratio field will have required output.

<yourCurrentSearch>
| stats sum(ACCESS_REVIEW_COMPLETE) as sum count(ACCESS_REVIEW_COMPLETE) as count
| eval ratio=round(sum/count,2)

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

gdorman619 · ‎08-03-2019

Thank you very much! It worked.

prabhakar_ps · ‎08-02-2019

| stats sum(ACCESS_REVIEW_COMPLETE) as Total count as count1
| eval result=(Total/count1)

Check if this helps

How to perform mathematical calculations based off one column

Troubleshooting the OpenTelemetry Collector

Adoption of Infrastructure Monitoring at Splunk

Modern way of developing distributed application using OTel