Splunk Search

Exclude search result

polymorphic
Communicator

Hi all

This might be very straight forward, but i cant get my head around it, so i hope someone is able to help me out.

The task is to show every hostname with a value greater than 5 on failedpct.

This is my search:

sourcetype=stats | stats first(customername) as customer, last(monPingGWCheck) AS upstatus, count, count(FailedModulesString) AS failedcount by hostname | eval failedpct=failedcount/count*100 | eval failedpct=if(upstatus == 1, failedpct, 0) | sort customer, -failedpct | table customer, hostname, upstatus, count, failedcount, failedpct

Any suggestion?

Tags (1)
0 Karma
1 Solution

Ayn
Legend
... | where failedpct>5

View solution in original post

Ayn
Legend
... | where failedpct>5

polymorphic
Communicator

As i said, VERY straight forward. 🙂
Thank you very much.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...