Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

percent of results per bin

tp29
Engager
‎10-09-2024 08:09 AM

Hi all,

New to splunk, running out of ideas, please help!

I have created a search to show:

| bin span=10m _time

| stat count by _time

This gives me two columns - the time interval in 10 minutes bins, and the number of results within that bin.

What I would like to do is expand on this search and show the % of bins over a time range that have > =10 results 

 

cheers

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎10-09-2024 08:27 AM 
| bin span=10m _time
| stat count by _time
| stats count(eval(count>=10)) as count10plus count as total
| eval percent=100*count10plus/total

View solution in original post

Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎10-09-2024 08:27 AM 
| bin span=10m _time
| stat count by _time
| stats count(eval(count>=10)) as count10plus count as total
| eval percent=100*count10plus/total
Reply
Solved! Jump to solution

tp29
Engager
‎10-10-2024 01:01 AM

That works perfectly.
Thank you very much 🙏

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...