Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

stats count by field and show total

sarit_s
Communicator
‎01-09-2022 01:09 AM

Hello,

I want to calculate the count of total events, count of errors and show the total percent of the failures from total.

my query is : 

sourcetype=WalletExecuter Exception.Message="* BitGo *" 
|stats count as total count(eval(Level="Error")) as FAILRUES by Exception.CorrelationId
| eval Failure%=round((FAILRUES/total)*100, 2)

but the results that returned are the percent of each CorrelationId
how can i show the total failure percent ?

thanks

Labels (1)
Labels
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎01-09-2022 02:03 AM

Is this what you mean?

sourcetype=WalletExecuter Exception.Message="* BitGo *" 
|stats count as total count(eval(Level="Error")) as FAILRUES by Exception.CorrelationId
| eventstats sum(total) as grandtotal
| eval Failure%=round((FAILRUES/grandtotal)*100, 2)
0 Karma
Reply

sarit_s
Communicator
‎01-09-2022 04:43 AM

Hey,

No.. i need total of all the correlationId in one line

this is the results of the query you sent:

sarit_s_0-1641732182495.png

 

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎01-09-2022 12:12 PM

Sorry, I don't understand what you results you are expecting. Do you mean addcoltotals?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...