Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

calculate percentage

visa87
Explorer
‎01-14-2015 08:59 PM

Hi,

I have extracted from my logs the fields in the following format :

Field 1 : Possible values true and false
Field 2 : Possible values true and false

I want to create a report which has the details of % of field 1 which is false and % of field 2 that is false.

I am using something like this ;

... |stats count(Field 1) As "A1",count(eval(match,"false")) As "A2" | eval perc = (100*A1/A2)

But this does not give the desired result.

Can anyone please help on where I am going wrong

Tags (2)
0 Karma
Reply

Raghav2384
Motivator
‎01-14-2015 09:39 PM

@visa87 , you almost got it....i just applied your own approach and see this if can help you

stats count(field1) as Total_Field1,count(eval(field1="FALSE")) as False_Field1,count(field2) as Total_Field2,count(eval(field2="FALSE")) as False_Field2|eval Field1% = ((False_Field1/Total_Field1)*100)|eval Field2% = ((False_Field2/Total_Field2)*100)

Thanks,
Raghav

0 Karma
Reply

jayannah
Builder
‎01-14-2015 09:07 PM

try this

    |eventstats count as field1_total by field1 | eval field1_false_count=if(field1=false,1,0) | eval field1_false_perc=((field1_false_count/field1_total_count) * 100)
0 Karma
Reply
Get Updates on the Splunk Community!

Changes to Splunk Instructor-Led Training Completion Criteria

We’re excited to share an update to our instructor-led training program that enhances the learning experience ...

Stay Connected: Your Guide to January Tech Talks, Office Hours, and Webinars!

❄️ Welcome the new year with our January lineup of Community Office Hours, Tech Talks, and Webinars! 🎉 ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...