Percentages of table totals

TCK101 · ‎02-08-2018

Hi

I have a table top 10 ( could be top15)

So there table has a the top 10 most popular projects by count split by status

however I want to get the status percentage to be the % of the individual project status not as a percentage of the entire table

| top 10 STATUS by projects 
| sort -count 
| eventstats sum(count) as TotalNumber
| eval PercentOfTotal = round(100 * count / TotalNumber,2). "%"    
| stats  list(STATUS) as "STATUS", list(count) as "Count", list(PercentOfTotal) as "Percent", sum(count) as "Total" by projects 
| sort -Total  | addinfo | eval rank=1 | accum rank   | sort +num(rank)  | head (rank <=10)  
| fields rank, projects , STATUS, Count,Percent, Total
| eval STATUS=mvindex(STATUS,0,9)
| eval Count=mvindex(Count,0,9)
| eval Percent=mvindex(Percent,0,9)

nabeel652 · ‎02-12-2018

Do you need something like this?

| top 10 STATUS by projects | sort - projects count  | eventstats sum(count) as ProjectTotal by projects | eval ProjectPercent = round(count/ProjectTotal*100,2)."%" | table projects STATUS count ProjectPercent

nabeel652 · ‎02-12-2018

Can you please explain by giving the data in table entries instead of the SPL as without data it's hard to visualise what you are asking for.

TCK101 · ‎02-16-2018

This is was I am after - the above Source I provided was giving the percent of the OVERALL count totals of the 3 projects added together
- I was the percent per rank / project

rank project status count percent total

1 project1 Initial 10 50% 20
Started 8 40%
Completed 2 10%

2 Project 2 Initial 5 50% 10
Started 4 40%
Completed 1 10%

3 Project 3 Initial 4 50% 8
Started 4 40%
Completed 0 10%

oda · ‎02-12-2018

I do not understand the image, do you have any samples?

Percentages of table totals

Mastering Data Pipelines: Unlocking Value with Splunk

The Latest Cisco Integrations With Splunk Platform!

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk