Splunk Search

How to combine 2 search results and calculate error rate?

haleefe
New Member

I am trying to determine the error rate.

Total Count per URI:

index=applogsprd java_class="*content.common.spring.LoggingInterceptor*" uri="*/api/v*"   | fields uri | stats Count as count,  by uri

Error Count per URI:

index=applogsprd java_class="*content.ws.rest.v1.error.ErrorHandler*" uri="*/api/v*" | fields uri | stats Count as errorCount,  by uri

The result I'm looking for is a table:
uri, totalCount, errorCount, error rate (errorCount/totalCount)

I've tried appendcols, but can't seem to make that work.

0 Karma

sundareshr
Legend

Try this

index=applogsprd uri="/api/v"  | stats count(eval(java_class="content.common.spring.LoggingInterceptor")) as count count(eval(java_class="content.ws.rest.v1.error.ErrorHandler")) as error  | eval errorRate=error/count
0 Karma
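
A per-URI version of the single-search approach, as an added example that is not part of either post: it keeps the asker's index, wildcard filters and column names, groups by uri, and uses like() because a string comparison with = inside eval is an exact match and does not expand wildcards. It assumes both event types carry the uri field, as the two original searches imply.

```spl
index=applogsprd uri="*/api/v*"
    (java_class="*content.common.spring.LoggingInterceptor*" OR java_class="*content.ws.rest.v1.error.ErrorHandler*")
| stats count(eval(like(java_class, "%content.common.spring.LoggingInterceptor%"))) as totalCount
        count(eval(like(java_class, "%content.ws.rest.v1.error.ErrorHandler%"))) as errorCount
        by uri
| eval errorRate=if(totalCount > 0, round(errorCount / totalCount, 4), null())
| table uri totalCount errorCount errorRate
```

A URI that has error events but no interceptor events gets an empty errorRate instead of a division by zero.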