Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Show subtotals as percentages in Pivot Statistics Table

postrational
Engager
‎03-31-2015 01:59 AM

I have a Pivot displayed as a Statistics Table, which is defined by the following search:

| pivot My_Object SearchObject count(SearchObject) AS "Count of My_Object" SPLITROW name AS "Name" SPLITCOL status SORT 100 name ROWSUMMARY 0 COLSUMMARY 1 NUMCOLS 100 SHOWOTHER 1

This works nicely and in every row I see a count of search objects, split by the "status" field followed by a column with the heading "ALL", which displays the total.

I would like to change the display to show percentages instead of raw counts. I other words, I would like to see the value from each status column divided by the value from the "ALL" column (as percent).

Is there a way to do this using Pivot?

Reply

dm1
Contributor
‎09-07-2021 07:11 PM

Were you able to find answer to this ? if yes, could you please share ?

0 Karma
Reply

vganjare
Builder
‎03-31-2015 04:06 AM

Hi,

You can try using subsearch to return the total count value. Copy this value in a field which can be used for percentage calculation.

A field value can be returned using *return $FIELD_NAME * command.

Thanks!!

0 Karma
Reply

postrational
Engager
‎03-31-2015 07:29 AM

Should I add the subsearch as a field to the data object, or maybe as a child object to the data model, or should I add it to the "| pivot " search as in pivot My_Object SearchObject count(SearchObject)/[subsearch]?

0 Karma
Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...