Solved: How to timechart percentage value made by stats or...

splunkkid · ‎03-08-2021

Hello,

Is there right way to show timechart result span as 1day of percentage value which is calculated by stats or eval??

We have public ip total and used data as number currently. And those data is splited by data center.

So, I want to use data center as token while showing result data.

If I set data center as *, I want to get sum of every used data and total data of data center, and make it as percentage data like round(used / total * 100 , 2) and timechart those data..

I was trying to make the right command but I can't get any result with my command.

I tried like this.

my base search data_center IN ($TOKEN$)
|  bucket span=1d _time 
| stats sum('ip.used') as used, sum('ip.total') as total by _time
| eval usage=round(used/total * 100, 2)
| timechart span=1d limit=0 values(usage)

I can't get the usage result with those command.. Could anyone let me try with right way??

Thank you..

splunkkid · ‎03-08-2021

Hello,

I checked my command again,.. and I solved it by changing '' to "".

Like sum('ip.used') to sum("ip.used") .

Thank you.

View solution in original post

scelikok · ‎03-08-2021

Hi @splunkkid,

Can you please provide a screenshot of result before timechart command? Do you get output from stats command?

If this reply helps you an upvote and "Accept as Solution" is appreciated.

splunkkid · ‎03-08-2021

Hello,

I checked my command again,.. and I solved it by changing '' to "".

Like sum('ip.used') to sum("ip.used") .

Thank you.

How to timechart percentage value made by stats or eval

chart

eval

stats

timechart

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms