Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Percentage for the daily stats
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Percentage for the daily stats
Dear Excepts ,
Need your help to calculate percentage for daily stats.
I am using below query to calculate daily stats and their totals. Need your help come with percentage calculation for each uri_path as shown in "Excepted Results". your help would be much appreciated.
current Query :
index=test sourcetype=123:abc:abc tag::source=AP
uri_path="/url/url1" OR uri_path="/url/url2"
OR uri_path="/url/url3" OR uri_path="/url/url4"
| timechart span=1d count by "uri_path" limit=0 | addtotals
Current Results :
_time /url/url1 /url/url2 /url/url3 /url/url4 Total
2019-08-29T00:00:00.000+0000 100 100 100 100 400
2019-08-30T00:00:00.000+0000 100 100 100 100 400
2019-08-31T00:00:00.000+0000 100 100 100 100 400
2019-09-01T00:00:00.000+0000 100 100 100 100 400
2019-09-02T00:00:00.000+0000 100 100 100 100 400
Excepted Results :
_time /url/url1 /url/url2 /url/url3 /url/url4 Total
2019-08-29T00:00:00.000+0000 100 100 100 100 400
Percentage for 2019-08-29 25% 25% 25% 25% 25%
2019-08-30T00:00:00.000+0000 100 100 100 100 400
Percentage for 2019-08-30 25% 25% 25% 25% 25%
2019-08-31T00:00:00.000+0000 100 100 100 100 400
Percentage for 2019-08-31 25% 25% 25% 25% 25%
2019-09-01T00:00:00.000+0000 100 100 100 100 400
Percentage for 2019-09-01 25% 25% 25% 25% 25%
2019-09-02T00:00:00.000+0000 100 100 100 100 400
Percentage for 2019-09-02 25% 25% 25% 25% 25%
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Any other suggestions from anyone else ?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If your URLs are in a predictable format, then you could do something like this:
your search
| foreach '/url*' [ |eval pct_<<FIELD>> = round(100*<<FIELD>>/Total,0)]
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@DalJeanis , URLs are not in predictable format. Is it possible to use uri_path in the query to come-up with expected results ?
I tried below query , it didnt work.
index=test sourcetype=123:abc:abc tag::source=AP
uri_path="/url/url1" OR uri_path="/url/url2"
OR uri_path="/url/url3" OR uri_path="/url/url4"
| timechart span=1d count by "uri_path" limit=0 | addtotals
| foreach 'uri_path' [ |eval pct_uri_path = round(100*pct_uri_path/Total,0)]
For testing purpose , I also tried below query. it didnt work. I am getting same output which was printed in my previous post as "Current Results"
index=test sourcetype=123:abc:abc tag::source=AP
uri_path="/url/url1" OR uri_path="/url/url2"
OR uri_path="/url/url3" OR uri_path="/url/url4"
| timechart span=1d count by "uri_path" limit=0 | addtotals
| foreach '/url*' [ |eval pct_url = round(100*pct_url/Total,0)]
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@DalJeanis , Please advice if you have any feedback for my previous post.
Accelerating Observability as Code with the Splunk AI Assistant
Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...
Congratulations to the 2025-2026 SplunkTrust!
