- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Percentage of two calculated search values
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
don't hate me @to4kawa But can you help me one last time! Ive been stuck for a few hours trying to figure out how to do this, my splunk forum searches are getting me close, but I'm not sure how to go about it... I know the below search is incorrect, but i need to come up with the "avg_kWhU" value and and the "avg_kWhP" value in one search, and then find the percentage difference between kwh used and kwh produced. for example if kWhP was 50 and kWhU was 50 Percent_powered would be 100%
i think i cant have two bins grouping by _time? I have tried many things, and seem to be stuck 😞
| where 'usage_info.d_w'>=0 or 'usage_info.solar_w'>=0
| bin _time span=1h
| stats count as samplesU sum(usage_info.d_w) as watt_sumU by _time
| eval kW_SumU=watt_sumU/1000
| eval avg_kWhU=kW_SumU/samplesU
| stats count as samplesP sum(usage_info.solar_w) as watt_sumP by _time
| eval kW_SumP=watt_sumP/1000
| eval avg_kWhP=kW_SumP/samplesP
| eval percent_powered=((avg_kWhP/avg_kWhU)100)
| table percent_powered
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
try multireport
| where 'usage_info.d_w'>=0 or 'usage_info.solar_w'>=0
| bin _time span=1h
| multireport
[| stats count as samplesU sum(usage_info.d_w) as watt_sumU by _time
| eval kW_SumU=watt_sumU/1000
| eval avg_kWhU=kW_SumU/samplesU ]
[| stats count as samplesP sum(usage_info.solar_w) as watt_sumP by _time
| eval kW_SumP=watt_sumP/1000
| eval avg_kWhP=kW_SumP/samplesP ]
| selfjoin _time
| eval percent_powered=round((avg_kWhP/avg_kWhU)*100),2)
| table percent_powered
multireport has no reference.
reference:
https://www.google.com/search?q=multireport+splunk
don't hate me @to4kawa
No, I don't think so.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
try multireport
| where 'usage_info.d_w'>=0 or 'usage_info.solar_w'>=0
| bin _time span=1h
| multireport
[| stats count as samplesU sum(usage_info.d_w) as watt_sumU by _time
| eval kW_SumU=watt_sumU/1000
| eval avg_kWhU=kW_SumU/samplesU ]
[| stats count as samplesP sum(usage_info.solar_w) as watt_sumP by _time
| eval kW_SumP=watt_sumP/1000
| eval avg_kWhP=kW_SumP/samplesP ]
| selfjoin _time
| eval percent_powered=round((avg_kWhP/avg_kWhU)*100),2)
| table percent_powered
multireport has no reference.
reference:
https://www.google.com/search?q=multireport+splunk
don't hate me @to4kawa
No, I don't think so.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I didn't even know this was possible. thanks!
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
