Solved: Re: calculate percentage

dhs_harry08 · ‎09-15-2011

Hi,

I have a requirement wherein I am using bucket to calculate range and their values.

I am getting my result but im getting many dupliicate entries. An when I am using stats I am getting the error. api_time should be numerical. Can you help me with this.
I need the result like this.

api_time    percent        total

1 1500-1600 0.277316 10
2 400-500 6.211869 224
3 800-900 2.329451 84
4 300-400 6.267332 226

Regards,
Harish

acdevlin · ‎09-15-2011

Stats does have the ability to print non-numerical values; I'm not sure why it would complain about them, unless there was a syntax error somewhere in your query . Try the following instead of the pipe to "table" to display your results:

... | stats values(percent) AS "Percent", values(total) AS "Total" by api_time

If you still get duplicate values, you might want to look into the "dedup" command: http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Dedup

View solution in original post

dhs_harry08 · ‎09-16-2011

Thankq that helped and worked.

Regards,
Harish

acdevlin · ‎09-15-2011

Stats does have the ability to print non-numerical values; I'm not sure why it would complain about them, unless there was a syntax error somewhere in your query . Try the following instead of the pipe to "table" to display your results:

... | stats values(percent) AS "Percent", values(total) AS "Total" by api_time

If you still get duplicate values, you might want to look into the "dedup" command: http://docs.splunk.com/Documentation/Splunk/latest/SearchReference/Dedup

dhs_harry08 · ‎09-15-2011

api_time percent total

1500-1600 0.277316 10

400-500 6.211869 224

800-900 2.329451 84

300-400 6.267332 226

calculate percentage

Upcoming Community Maintenance: 10/28

Best Practices for Metrics Pipeline Management

New Case Study: How LSU’s Student-Powered SOCs and Splunk Are Shaping the Future of ...