Hello Splunkers!!
I have mentioned below query and from the below query I want a results as shown below in the excel. Please help me achieve that result.
index=ABC sourcetype=ABC | eval date_yea...
See more...
Hello Splunkers!!
I have mentioned below query and from the below query I want a results as shown below in the excel. Please help me achieve that result.
index=ABC sourcetype=ABC | eval date_year=strftime('_time',"%Y"), date_month=strftime('_time',"%B"), day_week=strftime('_time',"%A"), date_mday=strftime('_time',"%d"), date_hour=strftime('_time',"%H"), date_minute=strftime('_time',"%M") | stats count count(eval(ShuttleId)) as total by sourcetype | table sourcetype total | join max=0 type=outer sourcetype [| search index=ABC sourcetype=ABC | eval date_year=strftime('_time',"%Y"), date_month=strftime('_time',"%B"), day_week=strftime('_time',"%A"), date_mday=strftime('_time',"%d"), date_hour=strftime('_time',"%H"), date_minute=strftime('_time',"%M") | stats count by ShuttleId sourcetype _time] | table ShuttleId count total | eval condition =if(round((count/total),2) <=0, "GREEN", "RED") | eval Status =round((count/total),2) | eval Shuttle_percentage = round(((count/total)*100),2) | table ShuttleId Shuttle_percentage
_time
ShuttleId
Total_Orders
Errors
2022-08-03T00:00:00.000+0000
Shuttle_001
69341
117
2022-08-04T00:00:00.000+0000
Shuttle_002
85640
51
2022-08-05T00:00:00.000+0000
Shuttle_003
72260
43
2022-08-06T00:00:00.000+0000
Shuttle_004
60291
22
2022-08-07T00:00:00.000+0000
Shuttle_005
0
0