DEVHIDE
Login Or Sign up

How to display table of top 5 URL with their status and percentage on splunk

659 Views Asked by At

Need a table to show the top 5 URL as given below in Splunk. Is this possible in Splunk? I tried many ways but I can't get all status of a URL as a single row.

API                         200        204  400 401 499 500

/wodetails/ACP              895(50%)    -    -   -   -   1
splunk splunk-query splunk-formula
Original Q&A
1

There are 1 best solutions below

0
On BEST ANSWER

This is a case where the chart command can be used:

index="main"  source="access.log" sourcetype="access_combined"
| chart c(status) by uri, status
uri 200 204 400 499
/basic/status 11 1 1 1
/search/results 3 0 0 0

To add the percentages, you can use eventstats

index="main"  source="access.log" sourcetype="access_combined"

| eventstats count as "totalCount" by uri
| eventstats count as "codecount" by uri, status
| eval percent=round((codecount/totalCount)*100)

| eval cell=codecount." (".percent."%)"

| chart values(cell) by uri,status
uri 200 204 400 499
/basic/status 11 (79%) 1 (7%) 1 (7%) 1 (7%)
/search/results 3 (100%)

Related Questions in SPLUNK

Related Questions in SPLUNK-QUERY

Related Questions in SPLUNK-FORMULA

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.