Results in percentage

KarnN
Engager

Hello fellow Splunkers. I made a query that shows the right results. I would like to show these results in percentage.

This is my query:

index=hocus_pocus OR index=shazam
[| inputlookup Server_list.csv
| rename DnsName AS host
| fields host]
| fields host
| fields - _raw _time
| dedup host
| eval "logfound"="1"
| eval host=lower(host)
| addcoltotals
| tail 1
| fields logfound

Thanks guys

0 Karma

KarnN
Engager

Are there any other options?

0 Karma

mayurr98
Super Champion

Can you try:

index=hocus_pocus OR index=shazam 
    [| inputlookup Server_list.csv 
    | rename DnsName AS host 
    | fields host] 
| fields host 
| fields - _raw _time 
| dedup host 
| eval "logfound"="1" 
| eval host=lower(host) 
| eventstats sum(logfound) as total 
| eval perc=logfound/total*100 

0 Karma

KarnN
Engager

Hi mayurr98,

Thank you for the support. I tried this query. I get an overview of the hosts but no total percentage of the found servers 😞

0 Karma

jpolvino
Builder

Please post a table or image showing what the output looks like now, and where you want percentages.

0 Karma

KarnN
Engager

Hi jpolvino, thanks for the response.
I basically want a percentage of the total. I now get a result of 22 servers in total. 16 have been found. I want this to be displayed as a percentage. I will place an image of the total.

0 Karma
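
One way to get the single percentage asked for above (16 found out of 22 listed, in the poster's numbers), as an added example that is not part of the original thread: drive the search from the lookup so that servers with no events stay in the denominator, then left-join the hosts that did log. The field names events and found are assumptions introduced here; Server_list.csv, DnsName and the index names come from the question.

```spl
| inputlookup Server_list.csv
| eval host=lower(DnsName)
| dedup host
| fields host
| join type=left host
    [ search index=hocus_pocus OR index=shazam
      | eval host=lower(host)
      | stats count AS events BY host ]
| eval logfound=if(isnotnull(events), 1, 0)
| stats sum(logfound) AS found, count AS total
| eval perc=round(found / total * 100, 1)
| table found total perc
```

With 16 of 22 listed servers reporting, this returns one row with found=16, total=22 and perc=72.7. Lowercasing happens before the dedup and the join so that case differences between the lookup and the indexed host field do not count one server twice or hide a match.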