Splunk query for showing day wise percentage

Question

Ask: Generate a graph which should show day wise percentage of API success/Availability data in a Splunk dashboard.

Data(search based on specific string) is based on the total number of Success calls on API Named as 'ABC' and Total number of failure calls on API Named as 'ABC' for given period.

Appreciate any pointers for generating the Splunk query for displaying success percentage in day wise graph.

Query tried :

index=app_index "ABC Api call success"  
| stats count(unique_success_string) as sucessCall
| appendcols [search index=app_index "ABC Failure call" | stats(unique_failure_string) as fialuresCall] 
| eval percentage = (sucessCall/fialuresCall)*100 
| fields _time percentage

Do I understand correctly that your time period will be longer than a day? — PM 77-1, Nov 07 '22 at 16:01
@RichG example: if i select for last 3 days , graph not displaying percentage of success calls /day ? i m looking for that — fregp, Nov 07 '22 at 17:11
@PM77-1 yes, time period can be day / for longer period - graph should show day wise success percentage data — fregp, Nov 07 '22 at 17:12

score 1 · Answer 1 · answered Nov 07 '22 at 17:45

To get per-day statistics, the results need to broken up by day. Use the bin or timechart command for that. Also, the appendcols command is unnecessary as the stats and timechart commands can calculate two numbers at the same time.

index=app_index ("ABC Api call success" OR "ABC Failure call")
| bin span=1d _time
| stats sum(eval(match(_raw,unique_success_string))) as sucessCall,
        sum(eval(match(_raw,unique_failure_string))) as fialuresCall by _time
| eval percentage = (sucessCall/fialuresCall)*100 
| fields _time percentage

Splunk query for showing day wise percentage

1 Answers1