Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

calculate percentage

visa87
Explorer
‎01-14-2015 08:59 PM

Hi,

I have extracted from my logs the fields in the following format :

Field 1 : Possible values true and false
Field 2 : Possible values true and false

I want to create a report which has the details of % of field 1 which is false and % of field 2 that is false.

I am using something like this ;

... |stats count(Field 1) As "A1",count(eval(match,"false")) As "A2" | eval perc = (100*A1/A2)

But this does not give the desired result.

Can anyone please help on where I am going wrong

Tags (2)
0 Karma
Reply

Raghav2384
Motivator
‎01-14-2015 09:39 PM

@visa87 , you almost got it....i just applied your own approach and see this if can help you

stats count(field1) as Total_Field1,count(eval(field1="FALSE")) as False_Field1,count(field2) as Total_Field2,count(eval(field2="FALSE")) as False_Field2|eval Field1% = ((False_Field1/Total_Field1)*100)|eval Field2% = ((False_Field2/Total_Field2)*100)

Thanks,
Raghav

0 Karma
Reply

jayannah
Builder
‎01-14-2015 09:07 PM

try this

    |eventstats count as field1_total by field1 | eval field1_false_count=if(field1=false,1,0) | eval field1_false_perc=((field1_false_count/field1_total_count) * 100)
0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...