About vinothkumark

vinothkumark

Sorry I think I didn't put it in the right way. It calculates the return_code like below ( check KO and OK ) But I want to calculate the highlighted ones. Example: 8+9+3 = 20 254 + 227 = 481 perc = 20*100/(20+481)=3.1%

vinothkumark

yeah, right. modified it. thanks 226 / (2924 + 226) = 7.17%

vinothkumark

< query > ... | stats count by return_code fetches me the below output. I have to create an alert where the sum of any return_code value other than 100 and 200 should not cross 20% of the overall value. Example: from the above image, I will add the count of return_codes (other than 100 and 200 ) which will result as 226. now the count of 100 and 200 is 2924. now the percentage will come around 7.17 %. How do I achieve this via query?

vinothkumark

It shows error in where command

vinothkumark

I have a field which contains http status code. I want to create a single alert query with multiple conditions. Example: condition1) status code is 500 and greater than 10% alert should be triggered. Condition 2) status code is 403 and greater than 20% alert should be triggered. Condition 3) status code is 503 and greater than 20% alert should be triggered. Also, Is it possible to have different time range for the above condition? like condition 1 and condition 2 should search for last 15 minutes, whereas condition 3 should search for last 30 mins. How do I form the query?

vinothkumark

Hi, can you help on the query if multiple condition needs to be met in the same query? Example: status code is 500 and greater than 10% alert should be triggered. also, if status code is 403 and greater than 20% alert should be triggered.

vinothkumark

Hi, can you help on the query if multiple condition needs to be met in the same query? Example: status code is 500 and greater than 10% alert should be triggered. also, if status code is 403 and greater than 20% alert should be triggered.

vinothkumark

@fredclown Thanks for input. It works. Can you help on the query if the values are in decimal? A B 10.5 20.3 C 30.8

vinothkumark

I have a field A which has percentage values. Also, I have a field B which has percentage values in it. Both are different values. Now I want to create a new field which adds both the values. A B 10% 30% 20% 50% 30% 70% The query should fetch me the results like below: C 40% 70% 100%

Posts	9
Solutions	0
Karma Given	4
Karma Received	0
Member Since	‎12-14-2021

Online Status	Offline
Date Last Visited	Wednesday

How to find percentage with selective sum of field...

How to create Splunk single alert for multiple htt...

How to add two field values into new field?

Re: how to find percentage with selective sum of f...

Re: How to find percentage with selective sum of f...

How to find percentage with selective sum of field...

Re: Splunk single alert for multiple http status c...

How to create Splunk single alert for multiple htt...

Re: How to alert when statusCode=403 is over X per...

Re: Splunk alert based on HTTP status codes

Re: How to add two field values into new field?

How to add two field values into new field?