Part A:
index=web splunk_server_group=hotel sourcetype=hotellog eventname=hotel-book earliest=-3d
| eval dateyearweek=strftime(_time, "%Y-%U")
| stats count(eval(like(success,"false"))) as F, count(eval(like(success,"true"))) as S by sitename, dateyearweek
| eval P=((S*100)/(S+F))
| chart values(P) over sitename by dateyearweek
Part B:
index=web splunk_server_group=hotel sourcetype=hotellog eventname=hotel-book earliest=-3d
| eval weeknumber=strftime(_time, "%Y-%U")
| chart count by sitename, weeknumber
Requirement: I want to combine both outputs as 1 search query.