Thank you for your feedback. We appreciate your engagement and aim to provide the best assistance possible based on the information shared in the community forum. The query provided was our best eff...
See more...
Thank you for your feedback. We appreciate your engagement and aim to provide the best assistance possible based on the information shared in the community forum. The query provided was our best effort to address your question using the details you offered. Community members, including myself, volunteer our time and knowledge to help fellow Splunk users. If you need more tailored assistance or have specific requirements not covered in the initial query, there are a couple of options: You can provide more detailed information about your data structure and exact requirements in the forum. This would help us refine the solution further. For more in-depth, real-time support where you can share your screen and get personalized guidance, Splunk offers ondemand services. These allow for "shoulder surfing" and can address your specific needs more directly. Regarding the query itself, you can adapt the latter part to your specific environment as mentioned by @yuanliu or me. | stats count as total_servers, count(eval(status_field="YourCompletedStatus")) as completed_count, count(eval(status_field="YourPendingStatus")) as pending_count | eval completed_percentage = round(completed_count / total_servers * 100, 0) | eval pending_percentage = round(pending_count / total_servers * 100, 0) | eval "Completed Servers" = completed_count . " (" . completed_percentage . "%)" | eval "Pending Servers" = pending_count . " (" . pending_percentage . "%)" | fields "Completed Servers", "Pending Servers" Replace index, source, sourcetype, status_field, YourCompletedStatus, and YourPendingStatus with your specific values. This should work with your actual data structure. We're here to help, and we hope this guidance proves useful for your specific use case. Thanks.