Solved: chart percentage over a timeframe

charles981 · ‎07-07-2014

I have a webserver log with one entry per request. Every entry contains the used cipher. I want to generate a chart over the last days how many requests used cipher X as percentage of all requests for every hour in the timeframe.
It's no problem to select the right entries, but I'm not able to generate the chart. 😞 Every help is appreciated.

martin_mueller · ‎07-07-2014

Try something like this:

sourcetype=your_data | bin span=1h _time | stats count by _time cipher
| eventstats sum(count) as Total by _time | eval perc = count / Total * 100
| xyseries _time cipher perc

That's assuming the cipher name is extracted in field cipher.

View solution in original post

martin_mueller · ‎07-07-2014

Try something like this:

sourcetype=your_data | bin span=1h _time | stats count by _time cipher
| eventstats sum(count) as Total by _time | eval perc = count / Total * 100
| xyseries _time cipher perc

That's assuming the cipher name is extracted in field cipher.

charles981 · ‎07-07-2014

Thanks a lot. Thats what I need!

chart percentage over a timeframe

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor