
get percentage of specific field over volume

New Member

I have two queries:

1: sourcetype=A error=499
2: sourcetype=B X=*

I would like to make a timechart of the % of A on B.

Basically, I want to make a timechart that will tell if an error code increase is because of a volume decrease, etc.

0 Karma

Ultra Champion
( sourcetype=A error=499) OR (sourcetype=B X=*)
| timechart count by sourcetype
| eval perc= round(A / B * 100,2)
| fillnull
0 Karma