TechQA.

SPLUNK enterprise i am trying to calculate results where if > 4% of failure is anomaly?

86 views Asked by At

SPLUNK enterprise i am trying to calculate results where > 4% of failure is anomaly. is formula correct? to set anomaly ?(failcount and total count fields are numeric)

| inputlookup sample.csv | eval isananomaly = if('Failcount' / 'Totalcount' * 100 > 4 , 1 , 0)

splunk splunk-query splunk-formula
Original Q&A
2

There are 2 answers

0
warren On BEST ANSWER

The logic appears correct, but why multiply by 100?

Save yourself a step:

| inputlookup sample.csv 
| eval isananomaly = if((Failcount / Totalcount) > .04 , 1 , 0)
2
parth On

this is correct logic

| inputlookup sample.csv | eval isananomaly = if((Failcount * 100 / Totalcount) > 4 , 1 , 0)

Related Questions in SPLUNK

Related Questions in SPLUNK-QUERY

Related Questions in SPLUNK-FORMULA

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions