Use timechart after stats command to show percenta...

Jitendra33 · ‎06-13-2024

Hi Team,

I am trying to put conversion of transaction for all days of the week in a line chart for successful transaction for multiple merchants . Something like this shown below.

My query is like this :

| Myquery
| stats sum(Attempts) as TransactionAttempts, sum(Success) as SuccessfulTransactions by MerchantName
| eval CR= round(coalesce( SuccessfulTransactions / TransactionAttempts * 100, 0 ), 2)
| timechart span=1d CR by MerchantName

Which function shall i put in timechart to get desired result

gcusello · ‎06-13-2024

Hi @Jitendra33 ,

after a stats command, you have only the fields listed in the command, in your case you don't have the _time that is rerquested for the timechart command, so use stats, something like this (to adapt to your real case:

| Myquery
| bin span=1d _time
| stats 
     sum(Attempts) AS TransactionAttempts
     sum(Success) AS SuccessfulTransactions 
     BY _time MerchantName
| eval CR=round(SuccessfulTransactions/TransactionAttempts*100, 2)

Why did you used coalesce?

Ciao.

Giuseppe

Use timechart after stats command to show percentage of Successful transaction for each day

stats

table

timechart

transaction

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

New Release | Splunk Cloud Platform 10.1.2507

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

Are you a member of the Splunk Community?