Splunk Search

How to timechart percentage value made by stats or eval

splunkkid
Path Finder

Hello,

 

Is there right way to show timechart result span as 1day of percentage value which is calculated by stats or eval??

 

We have public ip total and used data as number currently. And those data is splited by data center. 

So, I want to use data center as token while showing result data.

 

If I set data center as *, I want to get sum of every used data and total data of data center, and make it as percentage data like round(used / total * 100 , 2) and timechart those data..

 

I was trying to make the right command but I can't get any result with my command.

 

I tried like this.

my base search data_center IN ($TOKEN$)
|  bucket span=1d _time 
| stats sum('ip.used') as used, sum('ip.total') as total by _time
| eval usage=round(used/total * 100, 2)
| timechart span=1d limit=0 values(usage)

 

I can't get the usage result with those command.. Could anyone let me try with right way??

 

Thank you..

Labels (4)
0 Karma
1 Solution

splunkkid
Path Finder

Hello,

 

I checked my command again,.. and I solved it by changing  '' to "".

Like sum('ip.used') to sum("ip.used") .

 

Thank you.

View solution in original post

0 Karma

scelikok
Influencer

Hi @splunkkid,

Can you please provide a screenshot of result before timechart command? Do you get output from stats command?

If this reply helps you an upvote is appreciated.
0 Karma

splunkkid
Path Finder

Hello,

 

I checked my command again,.. and I solved it by changing  '' to "".

Like sum('ip.used') to sum("ip.used") .

 

Thank you.

View solution in original post

0 Karma