Solved: How to perform mathematical calculations based off...

gdorman619 · ‎08-02-2019

Hello,

I'm new to Splunk and I'm having trouble with the following line of code. I think what I'm trying to do is pretty self-explanatory. Essentially the data I'm working with is one column and the values in the column are "0" or "1".
Any help would be greatly appreciated. Thank you!

| stats sum(ACCESS_REVIEW_COMPLETE) \ count(ACCESS_REVIEW_COMPLETE)

niketn · ‎08-02-2019

@gdorman619 try the following search ratio field will have required output.

<yourCurrentSearch>
| stats sum(ACCESS_REVIEW_COMPLETE) as sum count(ACCESS_REVIEW_COMPLETE) as count
| eval ratio=round(sum/count,2)

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

View solution in original post

niketn · ‎08-02-2019

@gdorman619 try the following search ratio field will have required output.

<yourCurrentSearch>
| stats sum(ACCESS_REVIEW_COMPLETE) as sum count(ACCESS_REVIEW_COMPLETE) as count
| eval ratio=round(sum/count,2)

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

gdorman619 · ‎08-03-2019

Thank you very much! It worked.

prabhakar_ps · ‎08-02-2019

| stats sum(ACCESS_REVIEW_COMPLETE) as Total count as count1
| eval result=(Total/count1)

Check if this helps

How to perform mathematical calculations based off one column

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?