My REGEX:
| rex "\sof (?<Name>[A-Za-z0-9_]+)" | rex "\sdeposit \((?<Deposit>\d+)" | rex "\s*withdrawal \((?<Withdrawal>\d+)" | table Name Deposit Withdrawal | addtotals Withdrawal "\s*withdrawal \((?<Withdrawal>\d+)"
The problem:
I would like to have the percentage of the Withdrawn amount. So for example:
John_Doe2 Deposit 100 Withdrawal 90
I would like to add a column that shows the percentage "%" and add the calculation of that amount into my REGEX. Here's what I have so far:
| rex "\sof (?<Name>[A-Za-z0-9_]+)" | rex "\sdeposit \((?<Deposit>\d+)" | rex "\s*withdrawal \((?<Withdrawal>\d+)" | table Name Deposit Withdrawal | addtotals Withdrawal "\s*withdrawal \((?<Withdrawal>\d+)" | stats sum(Deposit) sum(Withdrawal) by Name | eval percent=(Withdrawal/Deposit) | table percent
I tried different combinations of eval and stats but keep coming up empty. Any assistance would be much appreciated.
Your stats
produces fields called sum(fieldname)
, rename them before doing further calculations like this:
... | stats sum(Deposit) as sum_deposit sum(Withdrawal) as sum_withdrawal | eval percent = sum_withdrawal/sum_deposit*100."%"
Note, your call to addtotals
contains odd regular expressions that make little sense there.