Re: Percentage of successful events below SLA

neilhiley · ‎06-03-2015

Have field (secs) and have 12 events 11 of them being under the SLA of 51(secs) I want to achieve a report to show percentage of SUCCESSFUL events how can I do this.

the percentage should be 91.67

thanks

fdi01 · ‎06-03-2015

try like this :

your_base_search | eventstats count as totalcount | chart count,first(totalcount) as totalcount by status | eval percentage=(count/totalcount)*100 + "%"

note: status can be: SUCCESSFUL, FAILLURE, OPEN, CLOSED .....

aholzer · ‎06-03-2015

This should do it:

<base search> | eval SLA = if(secs < 51, 1, 0) | stats count as TOTAL, sum(SLA) as SLA | eval percentage_success = (SLA / TOTAL) * 100

Here's the breakdown:

eval SLA = if(secs < 51, 1, 0) => This will provide an SLA field with a 1 if it's within SLA, and 0 if it's outside SLA
stats count as TOTAL, sum(SLA) as SLA => This will provide the total count of events, by simply counting them, at the same time as "counting" the number of events within SLA. It will also consolidate the data into a single row
eval percentage_success = (SLA / TOTAL) * 100 => This will provide the percentage that you were looking for.

If you are interested in only displaying the percentage value, then you can add | fields percentage_success to the end of the search I gave you.

Hope this helps

neilhiley · ‎07-14-2015

Perfect thanks guys

woodcock · ‎06-03-2015

This should do it:

... | stats count AS Total count(eval(secs<51)) AS ViolatedSLA BY host | eval PerformancePct=((ViolatedSLA/Total)*100)

Percentage of successful events below SLA

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!