Splunk Search

Results in percentage

KarnN
Engager

Hello fellow Splunkers. I made a query that shows the right results. I would like to show these results in percentage.

This is my query:

index=hocus_pocus OR index=shazam
[| inputlookup Server_list.csv
| rename DnsName AS host
| fields host]
| fields host
| fields - _raw _time
| dedup host
| eval "logfound"="1"
| eval host=lower(host)
| addcoltotals
| tail 1
| fields logfound

Thanks guys

0 Karma

KarnN
Engager

Are there any other options?

0 Karma

mayurr98
Super Champion

can you try

index=hocus_pocus OR index=shazam 
    [| inputlookup Server_list.csv 
    | rename DnsName AS host 
    | fields host] 
| fields host 
| fields - _raw _time 
| dedup host 
| eval "logfound"="1" 
| eval host=lower(host) 
| eventstats sum(logfound) as total | eval perc=logfound/total*100 
0 Karma

KarnN
Engager

Hi mayurr98,

Thank you for the support. I tried this query. I get a overview of the hosts but no total percentage of the foundservers 😞

0 Karma

jpolvino
Builder

Please post a table or image showing what the output looks like now, and where you want percentages.

0 Karma

KarnN
Engager

Hi jpolvino, thanks for the response.
I basically want a percentage of the total. I now get a result of the total of 22 servers in total. 16 has been found. I want this to be displayed in percentage. I will place a image of the total

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...