Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

extract percentage of code by servername

indeed_2000
Motivator
‎10-14-2021 09:08 AM

Hi
i have two field "servername" "code". i need to extract percent of code by servers.

index="my-index" | table servername code

expected output:
servername code percent count
server1           404    50%        50
                              500    40%       40
                              401    10%       10
server2           404     55%       55
                              500     30%       30
                              401    15%       15

any idea?
thanks

Labels (5)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

indeed_2000
Motivator
‎10-14-2021 12:51 PM

after several try finally find solution, here is the solution:

index="my-index" err* |

| fields code, servername
| stats count(code) as totalCount by servername, code
| eventstats sum(totalCount) as _total
| eventstats sum(totalCount) as _totalPerServer by servername
| eval percentageTotal=round((totalCount/_total)*100,2)
| eval precentagePerServer=round((totalCount/_totalPerServer)*100,2)
| stats list(code) as code list(precentagePerServer) as percentageTotal list(totalCount) by servername
| sort - totalCount

View solution in original post

0 Karma
Reply
Solved! Jump to solution

efavreau
Motivator
‎10-19-2021 02:44 PM

@indeed_2000It looks like the solution you posted and accepted uses the code from the page I linked to. Glad it helped you. It looks like you've found that lines of SPL code may be useful for multiple use cases.
If the pointer I provided was helpful, a karma thumbs up is appreciated.
Happy Splunking!

###

If this reply helps you, an upvote would be appreciated.
0 Karma
Reply
Solved! Jump to solution
Solution

indeed_2000
Motivator
‎10-14-2021 12:51 PM

after several try finally find solution, here is the solution:

index="my-index" err* |

| fields code, servername
| stats count(code) as totalCount by servername, code
| eventstats sum(totalCount) as _total
| eventstats sum(totalCount) as _totalPerServer by servername
| eval percentageTotal=round((totalCount/_total)*100,2)
| eval precentagePerServer=round((totalCount/_totalPerServer)*100,2)
| stats list(code) as code list(precentagePerServer) as percentageTotal list(totalCount) by servername
| sort - totalCount

0 Karma
Reply
Solved! Jump to solution

efavreau
Motivator
‎10-14-2021 11:20 AM

Hi @indeed_2000 ! It's often a good idea to search the community for answers before asking the question. In this case, I found exactly an answer in only one search:

https://community.splunk.com/t5/Splunk-Search/How-to-get-the-percentage-of-each-HTTP-status-code/td-...

If this resolves your problem, please accept this answer.

###

If this reply helps you, an upvote would be appreciated.
0 Karma
Reply
Solved! Jump to solution

indeed_2000
Motivator
‎10-14-2021 12:01 PM

the question that you mention is different that with my question.

any idea?

thanks

 

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...