Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to use timechart with a calculated field?

ra01
Path Finder
‎05-11-2016 11:52 AM

I have this search that displays my conversion rate:

tag=external_traffic  eventtype=pageactions session_id=\*
| transaction session_id startswith=(referrer=/store/category/page)  maxpause=30m mvlist=f
| eval didco = if(match(url, "/checkout/order"), 1, 0 )
| stats sum(didco) as cr , count as sessions by experienceId
| eval conv_rate = cr/sessions
 | table experienceId conv_rate

This gives me the conversion rate for the search period, but how can I do this as a daily number?

Notice the "experienceId" there are 2 experiences on the site, and I want to see the conversion rate for both them on a daily chart.

0 Karma
Reply

sundareshr
Legend
‎05-11-2016 12:04 PM

Try this

.... | bin span=1d _time | chart sum(didco) as cr , count as sessions over _time by experienceId | ...
0 Karma
Reply

ra01
Path Finder
‎05-11-2016 02:05 PM

that seems like most of the way there if I replace " | stats sum(didco) as cr , count as sessions by experienceId" with what you wrote.

The problem is the chart or summary table doesn't show the "conv_rate" field I was trying to calculate.

0 Karma
Reply

sundareshr
Legend
‎05-11-2016 02:15 PM

You will need to add the eval conv_rate=cr/sessions. Do you not get the conv_rate if you add it after the chart command.I used the chart command to give you daily totals.

0 Karma
Reply

ra01
Path Finder
‎05-11-2016 02:49 PM

the conv_rate value doesn't show up on the summary table or the chart.

I have it as:
| bin span=1h _time
| chart sum(didco) as cr , count as sessions over _time by experienceId
| eval conv_rate = cr/sessions

I am getting summary info for CR and Sessions, just not the conv_rate

0 Karma
Reply

sundareshr
Legend
‎05-11-2016 03:39 PM

What if you add the | table experienceId conv_rate Does it show then?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...