Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Capture the total number of requests before rendering the chart.

terryloar
Path Finder
‎06-04-2012 11:08 AM

I'm charting some events BY Host which gives me the correct counts for each host. I would like to also display a "% Total Requests" on each line, but can't figure out how to capture the total number of requests before renderng the chart. In other words, I need to be able to do:

Requests / Total Requests for each line in the table.

This is the current search, without the Total Requests:

/nepoc_access.log.1" | lookup dnslookup ip AS client_ip | rename host AS Host | chart count(Host) AS Requests, sum(eval(file_size/1000000000)) AS GBytes by Host | sort 100 -Requests

And the Results are:

Host    Requests    GBytes

1 host1 1382 0.023790
2 host2 1072 0.011972
3 host3 660 0.006896

Tags (1)
0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎06-04-2012 12:33 PM 
/nepoc_access.log.1 
| lookup dnslookup ip AS client_ip
| rename host AS Host 
| chart count(Host) AS Requests,  sum(eval(file_size/1000000000)) AS GBytes by Host
| eventstats sum(Requests) as TotalRequests
| eval pctRequests=Requests/TotalRequests
| sort 100 -Requests
Reply

terryloar
Path Finder
‎06-05-2012 07:47 AM

Thanks, gkanapathy. It gave me just what I wanted.

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...