2D table to display test results

pm18
New Member

Hi,

I want to create a table to display the results (pass rate) of some test results we send to Splunk.
We send the following fields: flow, stage, protocol and success. Each flow can have any number of stages, and there can be any number of protocols. Success is a boolean that stores if the test has passed or not.

Ideally, the test results should look like this:

               protocol1   protocol2   protocol3   ...

flow1  stage1  100%        90%
       stage2  5%          ...
       stage3
flow2  stage1
       stage2

flow3  stage1
       stage2
       stage3
       stage4
...

Any ideas on how to build? Thanks

0 Karma

lguinn2
Legend

Try this

yoursearchhere
| stats count(eval(success="T")) as success count as total by flow stage protocol
| eval successPercent = round(success*100/total, 1)
| eval flow_and_stage = flow + " " + stage
| chart sum(successPercent) by flow_and_stage protocol

HTH

0 Karma
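A run-anywhere version of the search in the reply above, added here as an example and not part of the original post. It generates a few constructed events with makeresults, assumes (as the reply does) that a pass is stored as success="T", and fills flow/stage/protocol combinations that have no events with "n/a", a label chosen for this example.

```spl
| makeresults
| eval constructed_events="flow1,stage1,protocol1,T;flow1,stage1,protocol1,T;flow1,stage1,protocol2,T;flow1,stage1,protocol2,F;flow1,stage2,protocol1,F;flow2,stage1,protocol2,T"
| makemv delim=";" constructed_events
| mvexpand constructed_events
| rex field=constructed_events "(?<flow>[^,]+),(?<stage>[^,]+),(?<protocol>[^,]+),(?<success>[^,]+)"
| stats count(eval(success="T")) as passed count as total by flow stage protocol
| eval successPercent = round(passed*100/total, 1)
| eval flow_and_stage = flow . " " . stage
| chart sum(successPercent) by flow_and_stage protocol
| fillnull value="n/a"
```

Replace everything up to and including the rex line with your own base search once the layout looks right.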