Re: Show subtotals as percentages in Pivot Statist...

postrational · ‎03-31-2015

I have a Pivot displayed as a Statistics Table, which is defined by the following search:

| pivot My_Object SearchObject count(SearchObject) AS "Count of My_Object" SPLITROW name AS "Name" SPLITCOL status SORT 100 name ROWSUMMARY 0 COLSUMMARY 1 NUMCOLS 100 SHOWOTHER 1

This works nicely and in every row I see a count of search objects, split by the "status" field followed by a column with the heading "ALL", which displays the total.

I would like to change the display to show percentages instead of raw counts. I other words, I would like to see the value from each status column divided by the value from the "ALL" column (as percent).

Is there a way to do this using Pivot?

dm1 · ‎09-07-2021

Were you able to find answer to this ? if yes, could you please share ?

vganjare · ‎03-31-2015

Hi,

You can try using subsearch to return the total count value. Copy this value in a field which can be used for percentage calculation.

A field value can be returned using *return $FIELD_NAME * command.

Thanks!!

postrational · ‎03-31-2015

Should I add the subsearch as a field to the data object, or maybe as a child object to the data model, or should I add it to the "| pivot " search as in pivot My_Object SearchObject count(SearchObject)/[subsearch]?

Show subtotals as percentages in Pivot Statistics Table

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!