×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
jameslian
New Member
Member since: ‎04-20-2018
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎04-20-2018
View All

How to calculate percentage against total from a c...

by in Dashboards & Visualizations
‎04-20-2018 01:34 AM
‎04-20-2018 01:34 AM
Hi all gurus, I have this following search, index=fbqr_index ACCOUNT STATUS: | rex "CLIENTID:(?<clientid>\w.*), UID:\[(?<uid>.*)\], ACCOUNT STATUS:(?<accountstatus>\w.*)" | makemv delim="," uid | streamstats latest(accountstatus) as lastAcctSts latest(_time) as lastEventTime by uid reset_after="("accountstatus=\"PENDING\"")" reset_before="("accountstatus=\"APPROVED\"")" | transaction lastEventTime | stats count(uid) as "Merchants" by lastAcctSts | append [ search index=fbqr_index \[cuid:*\] | stats distinct_count(cuid) as Merchants | eval lastAcctSts = "TOTAL" ] What i will like to ask is how do take the total that is append to join with every row other than the one append and calculate a percent based on the total. I am not so familiar with the splunk commands so bear with me for a while and Thanks in advance. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM