Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

query for percentage with count

asplunk123
New Member
‎01-13-2016 11:14 AM

I am trying to write a search, like Requests per second and its percentage based on total count. Please help me out in this. Thank you...

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎01-13-2016 11:23 AM

Try this

 index=someindex "priceRequest" |rex "some-app/(?<methodName>[a-zA-Z]*)" | rex "processingTime: (?<RTIME>[0-9]*)" | eval RTIME_SEC=(RTIME/1000) | eval group = case(RTIME_SEC < 1, "1 sec", RTIME_SEC < 2,"2 sec", RTIME_SEC < 3,"3 sec", RTIME_SEC < 4,"4 sec",RTIME_SEC < 5,"5 sec",RTIME_SEC < 6,"6 sec",RTIME_SEC>6,"Time Out")| stats count by group,methodName| eventstats sum(count) as total by methodName | eval Perc=round(count*100/total,2) | chart values(count) values(Perc) over group by methodName | appendpipe [| stats sum(*) as *  | eval group="Total" | table group *]

View solution in original post

Reply
Solved! Jump to solution
Solution

somesoni2
Revered Legend
‎01-13-2016 11:23 AM

Try this

 index=someindex "priceRequest" |rex "some-app/(?<methodName>[a-zA-Z]*)" | rex "processingTime: (?<RTIME>[0-9]*)" | eval RTIME_SEC=(RTIME/1000) | eval group = case(RTIME_SEC < 1, "1 sec", RTIME_SEC < 2,"2 sec", RTIME_SEC < 3,"3 sec", RTIME_SEC < 4,"4 sec",RTIME_SEC < 5,"5 sec",RTIME_SEC < 6,"6 sec",RTIME_SEC>6,"Time Out")| stats count by group,methodName| eventstats sum(count) as total by methodName | eval Perc=round(count*100/total,2) | chart values(count) values(Perc) over group by methodName | appendpipe [| stats sum(*) as *  | eval group="Total" | table group *]
Reply
Solved! Jump to solution

asplunk123
New Member
‎01-20-2016 03:23 PM

@somesoni2, yes i mean , interchange the columns.

here having 2 requests like priceRequest & priceResponse. actually having query for 1,2 columns are percentages of both requests and 3,4 column are count of both requests respectively. But i am expecting the query as like as Count(priceRequest ) Percentage(priceRequest ) Count(priceResponse) Percentage(priceResponse) respectively...

0 Karma
Reply
Solved! Jump to solution

asplunk123
New Member
‎01-13-2016 03:32 PM

@somesoni2, Please help me out here for interchange the location of fields

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎01-13-2016 05:08 PM

Not sure if I understand what you need? What is the search that you're trying (before the appendpipe) and what is the fieldnames that you see?

0 Karma
Reply
Solved! Jump to solution

asplunk123
New Member
‎01-13-2016 12:59 PM

how to add the Total field (row) in bottom of all adding all column values

0 Karma
Reply
Solved! Jump to solution

somesoni2
Revered Legend
‎01-13-2016 01:02 PM

You can use addcoltotals command for that. (add to the end)

0 Karma
Reply
Get Updates on the Splunk Community!

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...

.conf24 | Personalize your .conf experience with Learning Paths!

Personalize your .conf24 Experience Learning paths allow you to level up your skill sets and dive deeper ...

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...