Solved: Percentile total transactions as a percentage of t...

joe06031990 · ‎08-17-2021

Hello,

I have the bellow search:

index=test sourcetype=Test

|stats count by _time

|eventstats perc99(count) as p99

|eval Percentile = case(count >= p99, “99%”)

|stats count by transactions by percentile

I want to add a column that shows the % of transactions in the 99% percentile however can’t work out how to do this. Any advice would be greatly appreciated.

Thanks

Joe

ITWhisperer · ‎08-17-2021

The first part generates some dummy data

| gentimes start=-5 increment=1m | rename starttime as _time | fields - endhuman endtime starthuman | eval count=random() % 100 


| eventstats perc99(count) as p99
| eval qualifying  = case(count <= p99, count)
| eventstats sum(qualifying) as transactions sum(count) as total
| eval percentage=100*transactions/total

View solution in original post

ITWhisperer · ‎08-17-2021

The first part generates some dummy data

| gentimes start=-5 increment=1m | rename starttime as _time | fields - endhuman endtime starthuman | eval count=random() % 100 


| eventstats perc99(count) as p99
| eval qualifying  = case(count <= p99, count)
| eventstats sum(qualifying) as transactions sum(count) as total
| eval percentage=100*transactions/total

View solution in original post

joe06031990 · ‎08-17-2021

That’s great, thanks for your help. 😀.

Percentile total transactions as a percentage of total transactions

chart

eval

stats

table

timechart

tstats

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!

Catch Up Now >>