Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to show the percentage of unique values

ewanbrown
Path Finder
‎08-08-2017 06:07 AM

Hi,

I have a simple search that uses top to get the top 10 countries:

   search ........ | top Country

It will give the top 10 Countries and percentage.

How can I get the same, but look at the top 10 Countries by unique users?

This :

 search ..... | stats dc(ID) as users by  Country | sort users desc limit=10

Will give me the top 10, but not show the % for each.

Is there a way to do this?

Thanks

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

cmerriman
Super Champion
‎08-08-2017 06:26 AM

try this:

 search ..... | eventstats dc(ID) as totalUsers|stats max(totalUsers) as totalUsers dc(ID) as users by  Country | sort users desc limit=10|eval percentage=users/totalUsers*100|fields - totalUsers

View solution in original post

Reply
Solved! Jump to solution
Solution

cmerriman
Super Champion
‎08-08-2017 06:26 AM

try this:

 search ..... | eventstats dc(ID) as totalUsers|stats max(totalUsers) as totalUsers dc(ID) as users by  Country | sort users desc limit=10|eval percentage=users/totalUsers*100|fields - totalUsers
Reply
Solved! Jump to solution

ewanbrown
Path Finder
‎08-08-2017 07:33 AM

Perfect!

Thanks, I knew it was something to do with eventstats, but couldn't get it to work!

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...