Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

calculate percentage

visa87
Explorer
‎01-14-2015 08:59 PM

Hi,

I have extracted from my logs the fields in the following format :

Field 1 : Possible values true and false
Field 2 : Possible values true and false

I want to create a report which has the details of % of field 1 which is false and % of field 2 that is false.

I am using something like this ;

... |stats count(Field 1) As "A1",count(eval(match,"false")) As "A2" | eval perc = (100*A1/A2)

But this does not give the desired result.

Can anyone please help on where I am going wrong

Tags (2)
0 Karma
Reply

Raghav2384
Motivator
‎01-14-2015 09:39 PM

@visa87 , you almost got it....i just applied your own approach and see this if can help you

stats count(field1) as Total_Field1,count(eval(field1="FALSE")) as False_Field1,count(field2) as Total_Field2,count(eval(field2="FALSE")) as False_Field2|eval Field1% = ((False_Field1/Total_Field1)*100)|eval Field2% = ((False_Field2/Total_Field2)*100)

Thanks,
Raghav

0 Karma
Reply

jayannah
Builder
‎01-14-2015 09:07 PM

try this

    |eventstats count as field1_total by field1 | eval field1_false_count=if(field1=false,1,0) | eval field1_false_perc=((field1_false_count/field1_total_count) * 100)
0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...

Splunk and Fraud

Watch Now!Watch an insightful webinar where we delve into the innovative approaches to solving fraud using the ...