Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Calculate w different prices based on cliplevels

JYTTEJ
Communicator
‎06-24-2013 08:02 AM

Hi, I need to make a report which need to calculate with two different prices.

Price 3,33 USD for the first 10000 trx within a month

Price 2,22 for 10001 - 20001 trx within same month

Price 1,11 for 20001 + trx within the same month

I have tried following:

|accum Trx as Accum_trx |EVAL Charge=if(Accum_trx <10000,3.33, if(Accum_trx>10001 AND Accum_trx<20001,2.22, 1.11))

If Accum_trx are

3444

7000

9500

10500

the search will calculate 9500*3.33

and 10500 minus 9500 = 1000*2.22

I need to calculate 500 * 3.33 and 500 * 2.22 instead.

How do I accomplish this?

Tags (1)
0 Karma
Reply

lguinn2
Legend
‎07-15-2013 09:01 AM

Second answer, based on the request to show how the charges were calculated

yoursearchhere
| stats count as totalTransactions by customer
| eval charge = case(totalTransactions < 10001,totalTransactions *3.33,
                     totalTransactions < 20001,33300+(totalTransactions-10000)*2.22,
                     totalTransactions > 20000,55500+(totalTransactions-20000)*1.11)
| eval Transactions = case(totalTransactions < 10001,tostring(totalTransactions),
                     totalTransactions < 20001,"10000\n"+tostring(totalTransactions-10000)),
                     totalTransactions > 20000,"10000\n10000\n"+tostring(totalTransactions-20000))
| eval Rates = case(totalTransactions < 10001,"3.33",
                     totalTransactions < 20001,"3.33\n2.22",
                     totalTransactions > 20000,"3.33\n2.22\n1.11")
| table customer totalTransactions charge Transactions Rates

This seemed simplest, but there are other ways

0 Karma
Reply

lguinn2
Legend
‎06-24-2013 01:40 PM

Why not:

yoursearchhere
| stats count as numTransactions by customer
| eval charge = case(numTransactions < 10001,numTransactions *3.33,
                     numTransactions < 20001,33300+(numTransactions-10000)*2.22,
                     numTransactions > 20000,55500+(numTransactions-20000)*1.11)
0 Karma
Reply

JYTTEJ
Communicator
‎07-12-2013 04:07 AM

This works fine! - but I also want to display on the same report how the total has been calculated. I.e. a report showing:

CUSTOMER Trx Trx_Charge Amount
XXX 10000 3.33 33300,00
XXX 10000 2.33 22200,00
XXX 1111 1.11 1234,00

  • Do you have more good ideas?
0 Karma
Reply

aholzer
Motivator
‎06-24-2013 10:09 AM

Two things I'd suggest:
1) use the case function instead of nested "ifs"
2) use the "delta" command to calculate the difference between the accum_trx of the previous event and your current event

With these two changes you should be able to get what you need.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...

Secure Your Future: Mastering Upgrade Readiness for Splunk 10

Spotlight: The Splunk Health Assistant Add-On  The Splunk Health Assistant Add-On is your ultimate companion ...

Observability Unlocked: Kubernetes & Cloud Monitoring with Splunk IM

Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team on ...