Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

how to display percentage of total

BertKraan
Engager
‎01-29-2014 04:22 AM

I count all my httpstatus'ses and get a neat result using:

index=prd_access sourcetype="access:web:iis:project" | chart count by httpstatus | addcoltotals count

Using addcoltotals I even have the grand total of all httpstatus'ses.

Now what I would like to do is displaying the http code followed by percentage of the total, something along the lines of:

200 95,9 %

304 3,1 %

404 0,1 %

et cetera

I'm sure this has been done before but can someone point me in the right direction?

Thanks in advance,

Bert

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

Ayn
Legend
‎01-29-2014 04:48 AM

Using eventstats might be better:

index=prd_access sourcetype="access:web:iis:project" | eventstats count as totalcount | chart count,first(totalcount) as totalcount by httpstatus | eval percentage=count/totalcount

View solution in original post

Reply
Solved! Jump to solution
Solution

Ayn
Legend
‎01-29-2014 04:48 AM

Using eventstats might be better:

index=prd_access sourcetype="access:web:iis:project" | eventstats count as totalcount | chart count,first(totalcount) as totalcount by httpstatus | eval percentage=count/totalcount

View solution in original post

Reply
Solved! Jump to solution

BertKraan
Engager
‎01-29-2014 05:12 AM

Great! Thanks for your answer!

(Is there anything like a structured tutorial into the Splunk search/query language?) I didn't hear of eventstats before, but It solves my problem.

Thanks again!

0 Karma
Reply
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!