Use timechart after stats command to show percenta...

Jitendra33 · ‎06-13-2024

Hi Team,

I am trying to put conversion of transaction for all days of the week in a line chart for successful transaction for multiple merchants . Something like this shown below.

My query is like this :

| Myquery
| stats sum(Attempts) as TransactionAttempts, sum(Success) as SuccessfulTransactions by MerchantName
| eval CR= round(coalesce( SuccessfulTransactions / TransactionAttempts * 100, 0 ), 2)
| timechart span=1d CR by MerchantName

Which function shall i put in timechart to get desired result

gcusello · ‎06-13-2024

Hi @Jitendra33 ,

after a stats command, you have only the fields listed in the command, in your case you don't have the _time that is rerquested for the timechart command, so use stats, something like this (to adapt to your real case:

| Myquery
| bin span=1d _time
| stats 
     sum(Attempts) AS TransactionAttempts
     sum(Success) AS SuccessfulTransactions 
     BY _time MerchantName
| eval CR=round(SuccessfulTransactions/TransactionAttempts*100, 2)

Why did you used coalesce?

Ciao.

Giuseppe

Use timechart after stats command to show percentage of Successful transaction for each day

stats

table

timechart

transaction

Fall Into Learning with New Splunk Education Courses

Super Optimize your Splunk Stats Searches: Unlocking the Power of tstats, TERM, and ...

How Splunk Observability Cloud Prevented a Major Payment Crisis in Minutes

Are you a member of the Splunk Community?