Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How to write a search to compare and find the ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
dhavamanis
Builder
12-03-2014
09:13 AM
We have the below splunk query to get the availability report. How to compare monthly availability results? Example: the month of October availability percentage is 99% and November is 95%. How to get the variation difference. can you please provide the query to show the variation of results between months or over the period.
index="idxweblog" c=cnbc | eval Count5xx=if(status like "5%",1,0) | stats sum(Count5xx) as Count5xx count(status) as Total | eval AvailablePercentage=(Total - Count5xx)*100/Total | table AvailablePercentage
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
lguinn2
Legend
12-03-2014
02:31 PM
You could try
index="idxweblog" c=cnbc
| eval month = strftime(_time,"%m")
| eval Count5xx=if(status like "5%",1,0)
| stats sum(Count5xx) as Count5xx count(status) as Total by month
| eval AvailablePercentage=(Total - Count5xx)*100/Total
| delta AvailablePercentage as Difference
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
lguinn2
Legend
12-03-2014
02:31 PM
You could try
index="idxweblog" c=cnbc
| eval month = strftime(_time,"%m")
| eval Count5xx=if(status like "5%",1,0)
| stats sum(Count5xx) as Count5xx count(status) as Total by month
| eval AvailablePercentage=(Total - Count5xx)*100/Total
| delta AvailablePercentage as Difference
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
aholzer
Motivator
12-03-2014
02:14 PM
Have you looked at the "delta" command?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
dhavamanis
Builder
12-03-2014
02:27 PM
can you provide some sample?
Get Updates on the Splunk Community!
Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...
If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...
Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions
Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...
Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...
Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...
