This is probably simpler than I'm thinking on a Friday morning, but with my limited Splunk experience I'm having issues coming up with a solution.
We have events with fields id, date, special_price and total_price. special_price may be null or 0 or have an integer value.
We currently have a search which gets the number of events that have a value for special_price and of those, calculates the percentage that special_price is of total_price:
source=order_log special_price > 0 | timechart span=1d count(id) AS numSpecialOrders, avg(eval((special_price/total_price)*100)) AS percOfTotalPrice
We want to switch this to rather than just getting the count of specialOrders (where special_price > 0) per day, we want to get the percentage of total events which have a special_price > 0, and of those, calculate the percOfTotalPrice.
So if there are 5000 events today and 500 have a value > 0 for special_price, and of those 500, the average percOfTotalPrice is 20%, we want: 2014-10-31, 10, 20
Thanks!
... View more