Solved: Re: Find error percentage for each group

kimberlytrayson · ‎08-30-2022

My data looks as follows:

host col2 
---- ---- 
A   SUCCESS 
A   ERROR 
B   ERROR 
B   SUCCESS 
B   SUCCESS 
C   ERROR

Here is the desired output:

host Total_rows_for_this_host Errors_for_this_host ErrorPercentage
---- ------------------------ -------------------- --------------
A               2                     1                  50
B               3                     1                  33
C               1                     1                  100

For every host, we need to find the error percentage.

What query could I use? Thank you.

gcusello · ‎08-30-2022

Hi @kimberlytrayson,

you have to use the stats command, something like this:

<your_search>
| stats count AS Total_rows_for_this_host count(eval(col2="ERROR")) AS Errors_for_this_host BY host
| eval ErrorPercentage=round(Errors_for_this_host/Total_rows_for_this_host*100,2)

Ciao,

Giuseppe

View solution in original post

gcusello · ‎08-30-2022

Hi @kimberlytrayson,

you have to use the stats command, something like this:

<your_search>
| stats count AS Total_rows_for_this_host count(eval(col2="ERROR")) AS Errors_for_this_host BY host
| eval ErrorPercentage=round(Errors_for_this_host/Total_rows_for_this_host*100,2)

Ciao,

Giuseppe

How to write search to find error percentage for each group?

stats

.conf24 | Day 0

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

Troubleshooting the OpenTelemetry Collector