Hello Splunk Folks,
This question is a tagging point to my earlier question (answered one):
https://answers.splunk.com/answers/440170/how-to-edit-my-search-to-calculate-the-time-differ.html#an...
I was able to calculate the time difference between two events coming into our systems (with help of Splunk community folks). Now I am trying to achieve a difference target, but using the same data I used for my old request.
The data will consists of events (failed events) happening multiple times during a day (everyday) and I want to calculate and show the percentage of these events (failed events) for every day.
I used "percentile" for the output, but none of my combinations worked.
I need a good start for this request.
Any advice is appreciated.
Thanks
Vikram Yerneni
Give this a shot
index=dynatrace | eval failedEvents=if(searchmatch("failed events"),1,0) | timechart span=1d count as TotalEvents sum(failedEvents) as FailedEvents | eval FailedPercent=round(FailedEvents*100/TotalEvents,2)
Give this a shot
index=dynatrace | eval failedEvents=if(searchmatch("failed events"),1,0) | timechart span=1d count as TotalEvents sum(failedEvents) as FailedEvents | eval FailedPercent=round(FailedEvents*100/TotalEvents,2)
The logic worked like a charm Somesh.. I am validating the data. I will get back to you once I validate it.
Thanks again..
Vikram Yerneni