Hi,
I actually want to calculate failure rate of events to create an alert.
Here is the updated query:
eventtype="" "screen" OR "ui1" | stats count AS TotalEvents by product | appendcols [search eventtype="" "ui2" OR "ui3" | stats count AS subsetEvents by product] | eval percentage = 100 * subsetEvents / TotalEvents | where percentage > 1
screen has a field say x, ui1, ui2 and ui3 are coming from same field say y.
But to calculate percentage: (screen and ui1) is taken together and (ui2 and ui3) is taken together
... View more