Solved: How do I write a search to calculate the percentag...

SrinivasaC · ‎01-06-2016

Working on some client data, sample data format looks like:

Item    status
--------------------------
AAA  success
BBB  fail
CCC     pending
DDD  fail
EEE  success
FFF  success
GGG  pending
HHH  success
III  fail
JJJ  pending
KKK  success

Now I want to calculate the percentage of each status field.
I want the output like below:

status     count    percentage
-----------------------------------
Success    50      50%
fail       40      40%
pending    10      10%

plz help me with search.

Thanks in advance..

javiergn · ‎01-07-2016

It should be something like:

yoursearch | top status

View solution in original post

fdi01 · ‎01-07-2016

try like this:

...| stats count   by status| eventstats sum(count) as total| eval percent = round((count/total)*100) . " %"|sort -percent | fields - total

or

...| top status | eval percent=percent."%"

javiergn · ‎01-07-2016

It should be something like:

yoursearch | top status

sdaniels · ‎01-07-2016

Examples in our docs here - http://docs.splunk.com/Documentation/Splunk/6.3.2/SearchReference/Top

How do I write a search to calculate the percentage of each status field in my sample data?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!