Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Search
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to addcoltotals the percentage of StatusCodes ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
edookati
Path Finder
03-09-2015
08:24 AM
I am using the below query to get the status codes of different applications which have one common functionality...I need to add the % by index.. Can someone please help me?
Thanks.
index=* sourcetype=access* URL="/bankapi/accounts/*/transactions/*/checkimages*" | top StatusCode by index
Below are the results...
index StatusCode count percent
bankapi_logs 200 616 98.402556
bankapi_logs 500 10 1.597444
olb_logs 200 5563 98.338342
olb_logs 500 52 0.919215
olb_logs 404 32 0.565671
olb_logs 503 10 0.176772
I need something like this...
index StatusCode count percent
bankapi_logs 200 616 98.402556
bankapi_logs 500 10 1.597444
BankAPI.Total 100
olb_logs 200 5563 98.338342
olb_logs 500 52 0.919215
olb_logs 404 32 0.565671
olb_logs 503 10 0.176772
OLB.Total 100
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
acharlieh
Influencer
03-09-2015
12:16 PM
You could use appendpipe to use stats to add the statistics rows like this:
<existing query> | appendpipe [stats sum(percent) as percent by index] | sort index
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
acharlieh
Influencer
03-09-2015
12:16 PM
You could use appendpipe to use stats to add the statistics rows like this:
<existing query> | appendpipe [stats sum(percent) as percent by index] | sort index
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
03-09-2015
12:34 PM
Version with more close to your expected format
index=* sourcetype=access* URL="/bankapi/accounts/*/transactions/*/checkimages*" | top StatusCode by index | appendpipe [stats sum(percent) as percent by index | eval index=upper(index)."_Total" | eval percent=round(percent)] | sort index
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
edookati
Path Finder
03-10-2015
11:07 AM
Thanks a lot.
Get Updates on the Splunk Community!
.conf24 | Registration Open!
Hello, hello! I come bearing good news: Registration for .conf24 is now open!
conf is Splunk’s rad annual ...
ICYMI - Check out the latest releases of Splunk Edge Processor
Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.
HEC Receiver authorization ...
Introducing the 2024 SplunkTrust!
Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!
The ...
