Nope it gives an error 😞

now try, if it is successful accept the answer.

My previous search was intended for each failed connection from a client, now i changed for over all summary.

I just ran this and it worked perfectly!!'

Marry me 😛

great!! I'll convert this to an answer then you can accept it.

Its not working. Problem is that I cant use count in eval.

For example: Here Total_logins is count(status)

so I wrote: eval Total_logins=count(status), but it returns an error. Pls help!

Try this

yourquery| streamstats count(status) as Total|stats count(eval(Status!=200)) as Error by Status| eval Error_Rate = (Error/Total)*100

This doesn't work 😞 Help pls!

Try this

 index=akamai cp=654130 login| eventstats count (status) as Total|where status!=200| stats count(status) as Error, values(Total) as Total by status| eval error_rate= Error/Total

Well... the result displays the status, total_logins and number of errors. However, I want to display only the error rate and the status

You can add |fields error_rate status at the end of query

But there's no value for error_rate. It doesn't seem to be calculating it. I'm sorry for all the trouble 😞

Try this:

index=akamai cp=654130 login 
| eval error_ind = if(status=200,0,1) 
| stats count(status) as Total, sum(error_ind) as Errors by status 
| eval error_rate= (Errors/Total)*100
| fields error_rate status

@moizmmz did this help you at all?

@moizmmz what does your event look like and what are field names for status? Each event means a login?

Here's my query:

index=akamai cp=654130 login| stats count (status)

This basically gives me the total logins.

Next, status=200 gives me successful logins and status!=200 gives me failed logins.

You need to use stats in order to get your counts. I assumed you already had those counts.

hmm.. I still dont understand how to get them. pls help!!

For example: how would I get total_logins?