Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Percentage of two values

splunkcol
Builder
‎09-09-2021 07:35 AM

Hi

I have a field called STATUS with 2 possible values ​​"SUCCESS" or "WARNING" but the percentages don't seem to work well, I appreciate suggestions

splunkcol_1-1631197644130.png

 

index=my_index SERVICE_CODE="ABCD"
|fields STATUS, SERVICE_CODE
| timechart span=1d sum(eval(if(STATUS="SUCCESS",1,0))) as SUCCESS, sum(eval(if(STATUS="WARNING",1,0))) as FAILED, count as total
| eval percentage=round((SUCCESS/total)*100,2)
| fillnull value=0
| fields percentage
| appendpipe
[stats count
| where count=0]

 

 

Labels (3)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

splunkcol
Builder
‎09-09-2021 07:57 AM

I think I have already solved it

For SUCCESS

splunkcol_0-1631199335340.png

For FAILED

 

splunkcol_1-1631199405730.png

 

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

splunkcol
Builder
‎09-09-2021 07:57 AM

I think I have already solved it

For SUCCESS

splunkcol_0-1631199335340.png

For FAILED

 

splunkcol_1-1631199405730.png

 

0 Karma
Reply
Solved! Jump to solution

ITWhisperer
SplunkTrust
SplunkTrust
‎09-09-2021 07:50 AM 
| eval percentage=floor((SUCCESS/total)*10000)/100
Reply
Get Updates on the Splunk Community!

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

To Community SOAR App Developers - we're reaching out with an important update regarding Python 3.9's ...

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...

Automatic Discovery Part 2: Setup and Best Practices

In Part 1 of this series, we covered what Automatic Discovery is and why it’s critical for observability at ...