Use timechart after stats command to show percenta...

Jitendra33 · ‎06-13-2024

Hi Team,

I am trying to put conversion of transaction for all days of the week in a line chart for successful transaction for multiple merchants . Something like this shown below.

My query is like this :

| Myquery
| stats sum(Attempts) as TransactionAttempts, sum(Success) as SuccessfulTransactions by MerchantName
| eval CR= round(coalesce( SuccessfulTransactions / TransactionAttempts * 100, 0 ), 2)
| timechart span=1d CR by MerchantName

Which function shall i put in timechart to get desired result

gcusello · ‎06-13-2024

Hi @Jitendra33 ,

after a stats command, you have only the fields listed in the command, in your case you don't have the _time that is rerquested for the timechart command, so use stats, something like this (to adapt to your real case:

| Myquery
| bin span=1d _time
| stats 
     sum(Attempts) AS TransactionAttempts
     sum(Success) AS SuccessfulTransactions 
     BY _time MerchantName
| eval CR=round(SuccessfulTransactions/TransactionAttempts*100, 2)

Why did you used coalesce?

Ciao.

Giuseppe

Use timechart after stats command to show percentage of Successful transaction for each day

stats

table

timechart

transaction

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Join the Conversation