Variable storage

Kendrick33 · ‎11-22-2010

I am performing some math functions in splunk.I am doing a search that will calculate the percentage of each data type. What variable can I use to store values without them having to be charted until the end of my search.

For example:

chart avg(db_abc_p) as anr, avg(db_efg) as enr, avg(db_hij) as hnr, avg(db_total) as Total | eval percentANR=(anr/Total)*100 | eval percentENR (enr/Total)*100 | eval percentHNR=hnr/Total)*100

what I end up with is valueS outputed for all seven variables, when all I really want is to display the values for : percentANR, percentENR, percentHNR

sfleming · ‎11-23-2010

or... for a simple table display,

... | table percentANR, percentENR, percentHNR

The table command will output the columns in the order you specify.

southeringtonp · ‎11-22-2010

Use the fields command to limit the display to just those you want to keep:

| fields percentANR, percentENR, percentHNR

gkanapathy · ‎11-22-2010

Or ... | fields - unwantedfield to remove specific fields.

Variable storage

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Unlock Database Monitoring with Splunk Observability Cloud

Join the Conversation

Variable storage

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Unlock Database Monitoring with Splunk Observability Cloud