Calculate Conversion Rate

HeinzWaescher · ‎10-22-2013

Hi everbody,

I have got a field "Action" with different Values (A,B,C,D,E). I would like to calculate the percentage of my usersbase, who had at least one Action A, B or C.
Therefore i need the total usercount (this is no problem) and the count of users who had at least one of the actions A, B, C. I don't know how to create the second part, perhaps by aggregating these Values to a "new" Value or by a filter within a stats command?

These are my first steps in Splunk and it would be great if you could help me.

Thanks in advance

Heinz

bwooden · ‎10-22-2013

There are several ways to get this result. One method is to filter relevant actions 'inline' using an eval within stats

... | stats count(user) as user_count sum(eval(case(action="A",1,action="B",1,action="C",1,1=1,0))) as filtered_action_count

...the above method creates a value of "1" for any event with an action of A, B, or C and then adds those together in a field called filtered_action count. Completing the example, to calculate the percentage, we can use another eval:

... | stats count(user) as user_count sum(eval(case(action="A",1,action="B",1,action="C",1,1=1,0))) as filtered_action_count | eval percentage= round(filtered_action_count/user_count),2)

HeinzWaescher · ‎10-27-2013

Hi,

thanks for your answer.
Using this search will count the total number of actions A,B,C. What I want to achieve in the second part of the seearch in the end, is the number of uniqe users who had such an action. In my understanding one part of the search has to be about

stats dc(user) as user_count -> this counts all my users

and the second part has to count the unique users for all splunk events who have the value "1" in the added field.

I hope this is understandable. Thanks in advance.

Heinz

Calculate Conversion Rate

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms