It all works perfectly now that I do |fields at the right place. Thanks both for your help!

Using "%" in a field name could cause problems in some places, though you can deal with it by enclosing the field name with single quotes. In this case, it's not a problem.

yep, I could have been a bit clearer on that.

Also, I've never used '%' as part of a field name, could that be causing trouble, need quoting/escaping or something like that?

/k

kristian.kolb's suggestion works just fine. simply make sure you do | fields after both evals.

Unfortunately that does not work because both "eval %Accepted" and "eval $Rejected" need what is piped from the STATS function.

You need to have a pipe between the evals.

...| stats blaha | eval x=y/z | eval q=w/e

/k

No. Trying to simply append this line to the end of the working query does not work.
... eval %Rejected=round((Rejected/Requests*100))

For example, the below fails because of the last EVAL statement.

| stats count(eval(nps_packetType=1)) AS "Requests",
count(eval(nps_packetType=2)) AS "Accepted",
count(eval(nps_packetType=3)) AS "Rejected"
| eval %Accepted=round((Accepted/Requests*100))
eval %Rejected=round((Rejected/Requests*100))

I thought you just had all that in one query, i.e. the stats and the two eval statements. Did it not work?

/k

Thanks Kristian. That answers the 2nd portion of the question. Any idea on the first... how to display %Rejected along with %Accepted??