Help with a qlick view search?

uagraw01 · ‎03-14-2023

Hello Splunkers!!

I have qlick view search. And I want to use same kind of search in Splunk. Please help me how can I arrange or use below qlick view search in Splunk ?

=if(sum(ShuttlePareto.Technical) / sum(IF(JobStatusKey='Finished', Throughput.RecordCounter)) <= 0, round(0.000001,0.01),
if(sum(ShuttlePareto.Technical) / (sum(IF(JobStatusKey='Finished', Throughput.RecordCounter)) + 0.000001) > 1, 100, round(sum(ShuttlePareto.Technical) / sum(IF(JobStatusKey='Finished', Throughput.RecordCounter)) * 100, 0.01)
)
)

ITWhisperer · ‎03-14-2023

Please share some of the events (anonymised of course) that you are dealing with and what you are attempting to do with them.

Also, please update the subject line so it is more meaningful to the question you are asking.

uagraw01 · ‎03-14-2023

@ITWhisperer

Below are the sample events:

   CrossAisleDistance: 6
   DepositLocation: R14S1X041Y13Z1
   EntryLocation: MI0801
   From: 1661627543719
   Id: b804ed28-5c04-435e-b507-9296e73552c8
   Level: null
   LiftController: Lift Controller 05 (Lift 8 & 10)
   LiftId: LI08
   LogicalDestination: null
   ModuleContext: OT
   ModuleGroup: ASR
   ModuleId: 1
   ModuleType: Ads
   MsgName: OtOrderThroughput
   MsgTime: 2022-10-04 17:14:39.217
   OrderId: 53659573
   OrderStatus: Finished
   OrderType: Storage
   OrderTypeMovement: Inbound
   ParentId: 1e460886-c535-46c8-92d8-7cb698edb586
   PickupLocation: P081303
   ShuttleId: null
   To: 1661627543719
   TraceFlags: 1
   TraceId: ca9c16a6-f3ee-4a19-998d-969bfa314fde
   TraceVersion: 00
   Version: 0.1.0

ITWhisperer · ‎03-14-2023

If you don't want to provide sufficient information for us to be able to help you, you can't really expect much support!

Consider it this way, supposed we know nothing about your application, or the events you are dealing with, or what you have in mind to do; from that standpoint, what information do you think we would need to be able to guide you to a solution?

Imagine it the other way around, if you were presented with the sort of information you have posted, would you know what was being asked for just from this information?

uagraw01 · ‎03-14-2023

@ITWhisperer Yes, I know the issue . Actually above query they using in Qlick View tool to present some visulization. Now they want us to use same kind of query by using splunk event.

=if(sum(ShuttlePareto.Technical) / sum(IF(JobStatusKey='Finished', Throughput.RecordCounter)) <= 0, round(0.000001,0.01),
if(sum(ShuttlePareto.Technical) / (sum(IF(JobStatusKey='Finished', Throughput.RecordCounter)) + 0.000001) > 1, 100, round(sum(ShuttlePareto.Technical) / sum(IF(JobStatusKey='Finished', Throughput.RecordCounter)) * 100, 0.01)
)
)

I only need an help from your side. How can we frame above kind of query in Splunk ?

Like "if(sum(ShuttlePareto.Technical) / sum(IF(JobStatusKey='Finished', Throughput.RecordCounter))" its looking confusing to me.

ITWhisperer · ‎03-14-2023

It is confusing to me to - I don't know Qlick - what is it trying to do? what data is it working with? what is your corresponding data in Splunk? what are you trying to achieve?

uagraw01 · ‎03-14-2023

@ITWhisperer Thanks for your support. Let gather some information otherwise I will try to frame that query.

Help with a qlick view search?

other

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?