Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to create a chart of the error rate over time?

tmtcollins
Explorer
‎04-29-2022 11:49 AM

Hi, I would like to create a chart of the error rate over time.  I have data that shows status= DOWNLOAD_COMPLETE  and status = FAILD

I can calculate this for a point in time with the below. But can anyone help get the error rate over time?

 

 logType=error OR logType=service context=retrieve status=DOWNLOAD_COMPLETE OR status=FAILED 
|  stats count(correlationId) as total_count by status  | transpose header_field=status 
| eval errorRate=FAILED/(FAILED+DOWNLOAD_COMPLETE)*100
| table DOWNLOAD_COMPLETE, FAILED, errorRate

 

Labels (4)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎04-29-2022 12:13 PM

This should do it.

 logType=error OR logType=service context=retrieve status=DOWNLOAD_COMPLETE OR status=FAILED 
| timechart count(correlationId) as total_count by status
| eval errorRate=FAILED/(FAILED+DOWNLOAD_COMPLETE)*100
---
If this reply helps you, Karma would be appreciated.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎04-29-2022 12:13 PM

This should do it.

 logType=error OR logType=service context=retrieve status=DOWNLOAD_COMPLETE OR status=FAILED 
| timechart count(correlationId) as total_count by status
| eval errorRate=FAILED/(FAILED+DOWNLOAD_COMPLETE)*100
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Solved! Jump to solution

tmtcollins
Explorer
‎04-29-2022 12:15 PM

Worked perfectly! thanks

 

Tags (1)
0 Karma
Reply
Get Updates on the Splunk Community!

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...

Everything Community at .conf24!

You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...