Splunk Search
Highlighted

get percentage of specific field over volume

New Member

I have two query

1: sourcetype=A error=499
2: sourcetype=B X=*

I would like to make timechart of % of A on B.

Basically I want to make timechart that will tell if error code increase is because of volume decrease etc,

0 Karma
Highlighted

Re: get percentage of specific field over volume

Ultra Champion
( sourcetype=A error=499) OR (sourcetype=B X=*)
| timechart count by sourcetype
| eval perc= round(A / B * 100,2)
| fillnull
0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.