Solved: How to edit my stats count search to chart a perce...

sidekix24 · ‎02-19-2016

Hi,

I have the search below that displays an availability percentage for me, but now I'm looking to time chart that percentage to show a trend of the availability percentage over time. I'm thinking that the issue I'm having is that once you use count, that does a count over the selected time so it wraps up everything into that one percentage.

| stats count(eval(Login_Status)) AS Total count(eval(Login_Status=302 AND Recruiter_Status=200 AND QuickSearch_Status=200)) AS Success | eval Division=Success/Total | eval Percent=round ((Division)*100,2) | eval Final=Percent + "%" | table Percent

Anyone have any suggestions or ideas to try?

Thanks

vasildavid · ‎02-19-2016

Use buckets and break your stats down by _time.

| bucket _time span=5m 
  | stats count(eval(Login_Status)) AS Total, count(eval(Login_Status=302 AND Recruiter_Status=200 AND QuickSearch_Status=200)) AS Success by _time 
  | eval Division=Success/Total 
  | eval Percent=round ((Division)*100,2) 
  | eval Final=Percent + "%" 
  | table _time, Percent

View solution in original post

vasildavid · ‎02-19-2016

Use buckets and break your stats down by _time.

| bucket _time span=5m 
  | stats count(eval(Login_Status)) AS Total, count(eval(Login_Status=302 AND Recruiter_Status=200 AND QuickSearch_Status=200)) AS Success by _time 
  | eval Division=Success/Total 
  | eval Percent=round ((Division)*100,2) 
  | eval Final=Percent + "%" 
  | table _time, Percent

sidekix24 · ‎02-22-2016

Thanks vasildavid!!! That did the trick

How to edit my stats count search to chart a percentage trend over time?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms