Activity Feed
- Karma Re: How to get Total Sum of Error Type Counts per day? for somesoni2. 06-05-2020 12:48 AM
- Karma Re: What are the differences between append, appendpipe, and appendcols search commands? for marina_rovira. 06-05-2020 12:47 AM
- Got Karma for Re: What are the differences between append, appendpipe, and appendcols search commands?. 06-05-2020 12:47 AM
- Posted Calculating hourly percentage rates for multiple sources on Splunk Search. 03-24-2016 01:30 PM
- Tagged Calculating hourly percentage rates for multiple sources on Splunk Search. 03-24-2016 01:30 PM
- Tagged Calculating hourly percentage rates for multiple sources on Splunk Search. 03-24-2016 01:30 PM
- Tagged Calculating hourly percentage rates for multiple sources on Splunk Search. 03-24-2016 01:30 PM
- Tagged Calculating hourly percentage rates for multiple sources on Splunk Search. 03-24-2016 01:30 PM
- Posted Re: What are the differences between append, appendpipe, and appendcols search commands? on Splunk Search. 03-21-2016 09:55 AM
- Posted How to get Total Sum of Error Type Counts per day? on Splunk Search. 03-11-2016 10:54 AM
- Tagged How to get Total Sum of Error Type Counts per day? on Splunk Search. 03-11-2016 10:54 AM
- Tagged How to get Total Sum of Error Type Counts per day? on Splunk Search. 03-11-2016 10:54 AM
- Tagged How to get Total Sum of Error Type Counts per day? on Splunk Search. 03-11-2016 10:54 AM
- Tagged How to get Total Sum of Error Type Counts per day? on Splunk Search. 03-11-2016 10:54 AM
- Tagged How to get Total Sum of Error Type Counts per day? on Splunk Search. 03-11-2016 10:54 AM
- Posted Re: How to alert on a value crossing over a moving average of that value? on Splunk Search. 03-09-2016 02:11 PM
- Posted Re: How to alert on a value crossing over a moving average of that value? on Splunk Search. 03-09-2016 02:11 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
03-24-2016
01:30 PM
I am trying to calculate hourly decline percentage rates for several different payment gateways.
The percentage is based on hourly decline count / total transaction count for that gateway * 100.
My current query is only able to pull the data for 1 gateway and looks like this:
gateway=firstdata errorType!=null event=transactionCompleted |bucket _time span=1h | eval hour=strftime(_time,"%H") | stats count(eval(success="false")) as declined, count as total by month | eval percent_declined=(declined / total * 100)
Hour |percent_declined
00 19.62
01 18.54
02 18.75
Ideally, I would want the report to look like:
Hour |PayPal| FirstData | Stripe | etc.......
00 20.02 18.94 15.214
01 19.45 17.12 15.84
02 19.62 18.54 15.44
I was thinking that this might have to use timechart but hitting a wall. The only thing that I know which the query has to include is gateway!=test which will pull up the data for all the gateways instead of one in particular.
Any guidance would would be deeply appreciated!
... View more
03-21-2016
09:55 AM
1 Karma
Yes, same here! CountA and CountB and TotalCount to create a column for %CountA and %CountB
... View more
03-11-2016
10:54 AM
I'm trying to add a column to the right of OTHER, which sums up the entire row counts of each errorType per day. So for example, the first value in a column farthest to the right would be the total count for api_error + approved + declined + expired_Card etc. for each day.
My current search is gateway=firstdata errorType!=null event=transactionCompleted | timechart count by errorType span="1m"
... View more
03-09-2016
02:11 PM
I'm trying to run a similar search looking at decline rates for a payment gateway. I want to look at the current decline rate average trend line and also the running average trendline.
tried doing something similar but ended up getting Mismatched ']' when I ran my query.
gateway=firstdata errorType=declined event=transaction Completed earliest=-1h@h latest=@h | bucket _time span=1h | stats count as hourlyCount by _time | appendcols { search searchforerrors earliest=-7d@d latest=-1h@h | bucket _time span=1h | stats count by _time | stats avg(count) as average ] |where hourlyCount > average
Any idea why?
... View more
03-09-2016
02:11 PM
I'm trying to run a similar search looking at decline rates for a payment gateway. I want to look at the current decline rate average trend line and also the running average trendline.
tried doing something similar but ended up getting Mismatched ']' when I ran my query.
gateway=firstdata errorType=declined event=transaction Completed earliest=-1h@h latest=@h | bucket _time span=1h | stats count as hourlyCount by _time | appendcols { search searchforerrors earliest=-7d@d latest=-1h@h | bucket _time span=1h | stats count by _time | stats avg(count) as average ] |where hourlyCount > average
Any idea why?
... View more
