charting the percentage from more files based on v...

gballanti · ‎11-15-2019

Hello,

I'm facing with a chart representation monthly based. Every month I receive 3 files like the follow:

01/10/2019 63 7,821428776 1 59,000000000
02/10/2019 57 5,666666508 0 0
03/10/2019 77 5,640625000 2 3,000000000
...

31/10/2019 42 7,025000095 0 0

Fourth file has this format

01/10/2019 1337

I have to monthly chart a value obtained from the following rule:

get the value from the fourth file (1337)
from first three files if the value of the column 5 is greater than 15 I have to sum the value on column 4
calculate the percentage: (total-column-4 / 1337) * 100

I was able to get the value using this query by setting the time keeper on search (previous month or advanced function)

index=rl_ivr
| eval A=if(like(source,"%HD%"),call_offered,0)
| eval nn=tonumber(replace(replace(avg_aban_time,".",""),",","."))
| stats sum(eval(if((nn > 15),num_call_aban,0))) as abbandonate sum(A) as chiamate
| eval sla11 = ((abbandonate / chiamate) * 100)
| table sla11

how can I build a serach to get the value for every month ?

Many thanks,
G.

to4kawa · ‎11-15-2019

| makeresults count=2
| streamstats count
| eval _time = if (count==2,relative_time(_time,"-1month@month"), relative_time(_time,"@d"))
| makecontinuous span=1d
| eval col1=random() % 20, col3=random() % 20
| eval col2=round(random() % 50,8),col4=round(random() % 50,8)
| eval sourcetype="three_files"
| fields - count
| append 
    [| makeresults 
| eval _time = relative_time(_time,"-1month@month")
| eval col6=1337, sourcetype="forth_file"]
| where _time < relative_time(now(),"@month")
| reverse
`comment("this is sample data")`
| stats sum(eval(if(col4 > 15,col3,NULL))) as abbandonate values(col6) as chiamate
| eval sla11 = ((abbandonate / chiamate) * 100)

HI, please adjust the time with the time picker.

gballanti · ‎11-17-2019

thanks for the answer, I will try