calculate percentage

visa87 · ‎01-14-2015

Hi,

I have extracted from my logs the fields in the following format :

Field 1 : Possible values true and false
Field 2 : Possible values true and false

I want to create a report which has the details of % of field 1 which is false and % of field 2 that is false.

I am using something like this ;

... |stats count(Field 1) As "A1",count(eval(match,"false")) As "A2" | eval perc = (100*A1/A2)

But this does not give the desired result.

Can anyone please help on where I am going wrong

Raghav2384 · ‎01-14-2015

@visa87 , you almost got it....i just applied your own approach and see this if can help you

stats count(field1) as Total_Field1,count(eval(field1="FALSE")) as False_Field1,count(field2) as Total_Field2,count(eval(field2="FALSE")) as False_Field2|eval Field1% = ((False_Field1/Total_Field1)*100)|eval Field2% = ((False_Field2/Total_Field2)*100)

Thanks,
Raghav

jayannah · ‎01-14-2015

try this

    |eventstats count as field1_total by field1 | eval field1_false_count=if(field1=false,1,0) | eval field1_false_perc=((field1_false_count/field1_total_count) * 100)

calculate percentage

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...