Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Why is fieldformat not working if I don't include a certain value in the table?

danoconnl
Explorer
‎09-15-2016 07:50 AM

here is my search, I'm trying to create a report that shows the error count, error percentage, and total transaction count...

| dedup TransactionID | stats count As ErrorCount by TransactionName  | appendcols [search Message="Calling ProcessRequest" | stats count as TotalTransactionCount by TransactionName ]|eval ErrorPerc= if (isnull(ErrorCount), 0, ErrorCount/TotalTransactionCount) | fieldformat ErrorPercentage = tostring(round(ErrorPerc,6)*100)."%" | Table TransactionName  ErrorPercentage ErrorCount ErrorPerc TotalTransactionCount | fillnull value=0 | sort -ErrorCount

If I don't include ErrorPerc in the table, ErrorPercentage shows up as null. I really don't want ErrorPerc in there since it's less readable and a duplicate of ErrorPercentage

Dan

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sundareshr
Legend
‎09-15-2016 09:26 AM

Try this

| dedup TransactionID | stats count As ErrorCount by TransactionName | appendcols [search Message="Calling ProcessRequest" | stats count as TotalTransactionCount by TransactionName ]|eval ErrorPercentage = if (isnull(ErrorCount), 0, ErrorCount/TotalTransactionCount) | fieldformat ErrorPercentage=tostring(round(ErrorPercentage,6)*100)."%" | Table TransactionName ErrorPercentage ErrorCount TotalTransactionCount | fillnull value=0 | sort -ErrorCount

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

sundareshr
Legend
‎09-15-2016 09:26 AM

Try this

| dedup TransactionID | stats count As ErrorCount by TransactionName | appendcols [search Message="Calling ProcessRequest" | stats count as TotalTransactionCount by TransactionName ]|eval ErrorPercentage = if (isnull(ErrorCount), 0, ErrorCount/TotalTransactionCount) | fieldformat ErrorPercentage=tostring(round(ErrorPercentage,6)*100)."%" | Table TransactionName ErrorPercentage ErrorCount TotalTransactionCount | fillnull value=0 | sort -ErrorCount
0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

(view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...