Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Using count as a field for calculation

DerekKing
Path Finder
‎02-05-2014 08:47 AM

Hi,

I have a field "scanned_hosts" that has a value (say 20), and I also have a number of events, which to my understanding is the built in field count.

What I would like to do is create a radial gauge that is a percentage calculation of the two fields. so I want to do something like

index=blah source=blah | eval mypercentage = 100*(count/scanned_hosts) | gauge mypercentage

I can't use my command as it appears I dont have count available to use in the way that I want to use it, and stats count AS mycount doesnt give me what i'm looking for either.

Any Help would be appreciated

Thanks
Derek.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎02-05-2014 09:03 AM

count is only generated during a statistical command.

Try this:

index=blah source=blah | stats count max(scanned_hosts) as scanned_hosts | eval mypercentage = 100 * ( count / scanned_hosts ) | gauge mypercentage

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

alacercogitatus
SplunkTrust
SplunkTrust
‎02-05-2014 09:03 AM

count is only generated during a statistical command.

Try this:

index=blah source=blah | stats count max(scanned_hosts) as scanned_hosts | eval mypercentage = 100 * ( count / scanned_hosts ) | gauge mypercentage
0 Karma
Reply
Solved! Jump to solution

DerekKing
Path Finder
‎02-06-2014 12:48 AM

Thanks very much. I think you have just cleared up a long time misunderstanding. "count is only generated during a statistical command".

The above works, and is exactly what I was looking for - thanks.

Derek.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...