Splunk query group by multiple fields - splunk

I have the following Splunk fields:
Date,Group,State
State can have the following values: InProgress|Declined|Submitted
I would like to get the following result:
Date        Group  TotalInProgress  TotalDeclined  TotalSubmitted  Total
------------------------------------------------------------------------
12-12-2021  A      13               10             15              38
I couldn't figure it out. Any help would be appreciated.

Perhaps this example query will help.
| makeresults | eval _raw="Date,Group,State
12-12-2021,A,InProgress
12-12-2021,B,InProgress
12-12-2021,A,Declined
12-12-2021,A,InProgress
12-12-2021,A,Submitted
12-12-2021,B,Submitted
12-12-2021,A,InProgress
12-12-2021,A,InProgress
12-12-2021,B,Declined
12-12-2021,A,InProgress
12-12-2021,A,Submitted
12-12-2021,A,Submitted"
| multikv forceheader=1
```Above lines just set up test data```
```Set variables based on the State field```
| eval InProgress=if(State="InProgress", 1, 0), Declined=if(State="Declined", 1, 0), Submitted=if(State="Submitted", 1, 0)
```Count events```
| stats count as Total, sum(InProgress) as TotalInProgress, sum(Declined) as TotalDeclined, sum(Submitted) as TotalSubmitted by Date,Group
| table Date Group TotalInProgress TotalDeclined TotalSubmitted Total

Related

Group data by date in Splunk

I have data that is displayed in a Splunk query as below (data for 3 columns displayed in 3 separate rows):
|Date |Tier 1|Tier 2|Tier 3
|1/1/2022|33|BLANK|BLANK
|1/1/2022|BLANK |56|BLANK
|1/1/2022|BLANK|BLANK|121
|1/2/2022|21|BLANK|BLANK
|1/2/2022|BLANK |78|BLANK
|1/2/2022|BLANK|BLANK|543
I need to display data as follows in the table
|Date |Tier 1|Tier 2|Tier 3
|1/1/2022|33|56|121
|1/2/2022|21|78|543
Here's a small snippet of my query
|eval Tier1=(StatusCode>400)
|eval Tier2=(StatusCode>499)
|eval Tier3=(StatusCode>500)
| fields Date Tier1 Tier2 Tier3
| sort Date
To regroup the results, use the stats command.
| eval Tier1=(StatusCode>400)
| eval Tier2=(StatusCode>499)
| eval Tier3=(StatusCode>500)
| fields Date Tier1 Tier2 Tier3
| stats values(*) as * by Date

Display result count of multiple search query in Splunk table

I want to display a table in my dashboard with 3 columns called Search_Text, Count, Count_Percentage.
How do I formulate the Splunk query so that I can display 2 search queries and their result counts and percentages in table format?
Example,
Heading Count Count_Percentage
SearchText1 4 40
SearchText2 6 60
The below query will create a column named SearchText1 which is not what I want:
index=something "SearchText1" | stats count AS SearchText1
Put each query after the first in an append and set the Heading field as desired. Then use the stats command to count the results and group them by Heading. Finally, get the total and compute percentages.
index=foo "SearchText1" | eval Heading="SearchText1"
| append [ | search index=bar "SearchText2" | eval Heading="SearchText2" ]
| stats count as Count by Heading
| eventstats sum(Count) as Total
| eval Count_Percentage=(Count*100/Total)
| table Heading Count Count_Percentage
Showing the absence of search results is a little tricky and changes the above query a bit. Each search will need its own stats command and an appendpipe command to detect the lack of results and create some. Try this:
index=main "SearchText1"
| eval Heading="SearchText1"
| stats count as Count by Heading
| appendpipe
[ stats count
| eval Heading="SearchText1", Count=0
| where count=0
| fields - count]
| append
[| search index=main "SearchText2"
| eval Heading="SearchText2"
| stats count as Count by Heading
| appendpipe
[ stats count
| eval Heading="SearchText2", Count=0
| where count=0
| fields - count] ]
| eventstats sum(Count) as Total
| eval Count_Percentage=(Count*100/Total)
| table Heading Count Count_Percentage

How to sum the minutes of each activity in Postgresql?

The column "activitie_time_enter" has the times.
The column "activitie_still" indicates the type of activity.
The column "activitie_walking" indicates the other type of activity.
Table example:
activitie_time_enter | activitie_still | activitie_walking
17:30:20 | Still |
17:31:32 | Still |
17:32:24 | | Walking
17:33:37 | | Walking
17:34:20 | Still |
17:35:37 | Still |
17:45:13 | Still |
17:50:23 | Still |
17:51:32 | | Walking
What I need is to sum up the total minutes for each activity separately.
Any suggestions or solution?
First calculate the duration for each activity (the with CTE) and then do a conditional sum.
with t as
(
select
*, lead(activitie_time_enter) over (order by activitie_time_enter) - activitie_time_enter as duration
from _table
)
select
sum (duration) filter (where activitie_still = 'Still') as total_still,
sum (duration) filter (where activitie_walking = 'Walking') as total_walking
from t;
/** Result:
total_still|total_walking|
-----------+-------------+
00:19:16| 00:01:56|
*/
BTW do you really need two columns (activitie_still and activitie_walking)? Only one activity column with those values will do. This will allow more activities (Running, Sleeping, Working etc.) w/o having to change the table structure.
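Added example, not part of the original answer: the same lead()-based duration calculation applied to the single activity column the answer suggests, so one GROUP BY replaces the per-activity FILTER clauses. It runs in SQLite through Python's sqlite3 so that it works offline; the table name activity_log, the column names time_enter and activity, and the strftime-based time arithmetic are assumptions, and the rows are the question's sample data.

```python
import sqlite3

# Rows from the question's table, reshaped to one activity column
# (the schema the answer suggests; table and column names are assumptions).
LOG = [
    ("17:30:20", "Still"), ("17:31:32", "Still"), ("17:32:24", "Walking"),
    ("17:33:37", "Walking"), ("17:34:20", "Still"), ("17:35:37", "Still"),
    ("17:45:13", "Still"), ("17:50:23", "Still"), ("17:51:32", "Walking"),
]

QUERY = """
WITH t AS (
    SELECT activity,
           -- seconds until the next row; NULL for the last row,
           -- whose duration is unknown and is therefore not counted
           strftime('%s', LEAD(time_enter) OVER (ORDER BY time_enter))
             - strftime('%s', time_enter) AS secs
    FROM activity_log
)
SELECT activity, SUM(secs) FROM t GROUP BY activity
"""

def total_seconds_per_activity(rows):
    """Return {activity: total seconds} for a list of (time, activity) rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE activity_log (time_enter TEXT, activity TEXT)")
    con.executemany("INSERT INTO activity_log VALUES (?, ?)", rows)
    totals = dict(con.execute(QUERY).fetchall())
    con.close()
    return totals

def hms(seconds):
    """Format a number of seconds as HH:MM:SS."""
    m, s = divmod(int(seconds), 60)
    h, m = divmod(m, 60)
    return f"{h:02d}:{m:02d}:{s:02d}"

if __name__ == "__main__":
    for activity, secs in total_seconds_per_activity(LOG).items():
        print(activity, hms(secs))
```

Adding a new activity such as Running needs only new rows, not a new column or a new FILTER clause.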

Is there a way to calculate a SUM of a Count Alias in SQL?

I am trying to create a custom SQL report that will give me a percentage of DispositionCodes that are clicked after a customer service rep ends a call with a customer.
I am currently using a COUNT Alias to count how many times a Disposition code is assigned to a customer call. I would then like to summarize that DispositionCount alias into another column called "Total". Then I would like to see the percentage of times that a disposition code is selected by calculating DispositionCount / Total. Is it possible to SUM an alias to give me a Total count, and then calculate a percentage based off of two Alias columns?
CURRENT QUERY:
SELECT
WrapupData,
ISNULL(WrapupData, 'No Dispos Code Entered') as DispositionCode,
COUNT(CASE WHEN WrapupData IS NULL THEN 0 ELSE 1 END) AS DispositionCount
FROM Termination_Call_Detail tcd
LEFT JOIN dbo.t_Call_Type ct ON ct.CallTypeID = tcd.CallTypeID
GROUP BY
WrapupData
CURRENT OUTPUT
+---------------------+------------------------+------------------+
| WrapupData          | DispositionCode        | DispositionCount |
+---------------------+------------------------+------------------+
| NULL                | No Dispos Code Entered | 8                |
| Appointment Request | Appointment Request    | 3                |
+---------------------+------------------------+------------------+
DESIRED OUTPUT
+---------------------+------------------------+------------------+-------+------------+
| WrapupData          | DispositionCode        | DispositionCount | Total | Percentage |
+---------------------+------------------------+------------------+-------+------------+
| NULL                | No Dispos Code Entered | 8                | 11    | 72.72      |
| Appointment Request | Appointment Request    | 3                | 11    | 27.27      |
+---------------------+------------------------+------------------+-------+------------+
I have tried count(sum(WrapupData))
but WrapupData is varchar and invalid for sum operator.
I have also tried count(sum(DispositionCount))
but DispositionCount comes back as an Invalid column name (I'm assuming because it's an Alias and is only temporary)
Any help or suggestions would be greatly appreciated!
You could use analytic functions here:
SELECT
WrapupData,
ISNULL(WrapupData, 'No Dispos Code Entered') AS DispositionCode,
-- COUNT(*) rather than COUNT(WrapupData): COUNT(column) skips NULLs,
-- so the NULL WrapupData group would otherwise be counted as 0
COUNT(*) AS DispositionCount,
SUM(COUNT(*)) OVER () AS Total,
100.0 * COUNT(*) / SUM(COUNT(*)) OVER () AS Percentage
FROM Termination_Call_Detail tcd
LEFT JOIN dbo.t_Call_Type ct
ON ct.CallTypeID = tcd.CallTypeID
GROUP BY
WrapupData;
The trick here is to use SUM() with a window over the entire table, post aggregation, to find the total. We can also find the percentage by normalizing the count using this sum.
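Added example, not part of the original answer: the same GROUP BY plus SUM(...) OVER () pattern run on constructed rows, showing how the choice between COUNT(WrapupData) and COUNT(*) changes the NULL group's count, the Total and the Percentage. SQLite through Python's sqlite3, COALESCE in place of ISNULL, and leaving out the join to t_Call_Type are assumptions made so that it runs offline.

```python
import sqlite3

# Constructed sample: 8 calls with no wrap-up code and 3 with one,
# matching the counts shown in the question's output.
ROWS = [(None,)] * 8 + [("Appointment Request",)] * 3

# {count} is filled with the COUNT expression under test.
QUERY = """
SELECT COALESCE(WrapupData, 'No Dispos Code Entered') AS DispositionCode,
       {count} AS DispositionCount,
       SUM({count}) OVER () AS Total,
       100.0 * {count} / SUM({count}) OVER () AS Percentage
FROM Termination_Call_Detail
GROUP BY WrapupData
"""

def disposition_report(count_expr):
    """Run the report; return {DispositionCode: (count, total, percentage)}."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE Termination_Call_Detail (WrapupData TEXT)")
    con.executemany("INSERT INTO Termination_Call_Detail VALUES (?)", ROWS)
    rows = con.execute(QUERY.format(count=count_expr)).fetchall()
    con.close()
    return {code: (n, total, round(pct, 2)) for code, n, total, pct in rows}

if __name__ == "__main__":
    # COUNT(column) ignores NULLs: the NULL group drops to 0 and Total to 3.
    print(disposition_report("COUNT(WrapupData)"))
    # COUNT(*) counts rows: 8 and 3 out of a Total of 11.
    print(disposition_report("COUNT(*)"))
```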

MySQL Range and Average

I'm wondering if in MySQL you are able to find a range within values along with the average in a query. Assume the table below please:
-----------------------------------------
| ID | VALUE |
-----------------------------------------
| 1 | 30 |
-----------------------------------------
| 2 | 50 |
-----------------------------------------
| 3 | 10 |
-----------------------------------------
Range Low would be 10, range High would be 50, average would be 30.
Is there a query that would allow me to grab these values without pulling them down into PHP and then sorting the array, and finding the average that way?
Cheers
SELECT Avg(Value), Max(Value), Min(Value) FROM tableName
See also MySQL Aggregate Functions
Is this what you want?
select min(value) as low, max(value) as high, avg(value) from table_name