Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to write search to find error percentage for each group?

kimberlytrayson
Path Finder
‎08-30-2022 02:01 AM

My data looks as follows:

host col2 
---- ---- 
A   SUCCESS 
A   ERROR 
B   ERROR 
B   SUCCESS 
B   SUCCESS 
C   ERROR

Here is the desired output:

host Total_rows_for_this_host Errors_for_this_host ErrorPercentage
---- ------------------------ -------------------- --------------
A               2                     1                  50
B               3                     1                  33
C               1                     1                  100

For every host, we need to find the error percentage.

What query could I use? Thank you.

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎08-30-2022 02:11 AM

Hi @kimberlytrayson,

you have to use the stats command, something like this:

<your_search>
| stats count AS Total_rows_for_this_host count(eval(col2="ERROR")) AS Errors_for_this_host BY host
| eval ErrorPercentage=round(Errors_for_this_host/Total_rows_for_this_host*100,2)

Ciao,

Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎08-30-2022 02:11 AM

Hi @kimberlytrayson,

you have to use the stats command, something like this:

<your_search>
| stats count AS Total_rows_for_this_host count(eval(col2="ERROR")) AS Errors_for_this_host BY host
| eval ErrorPercentage=round(Errors_for_this_host/Total_rows_for_this_host*100,2)

Ciao,

Giuseppe

Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...