First of all I am very new to splunk! :)
My data can be simplified to look something like this.
Employee = (UniqueId Id, EmployeeId ManagerId)
So we have an employee record which has a Id field and a managerId field. The managerId field contains the Id of the manager who is also an employee.
So basically there can be records in employee which dont have managerId in them.
I wanted to do a splunk query that determines the % of employees that have manager.
Currently, I am doing something like this, which returns me the employees that have managers:
index=* host=* logRecordType=mytype managerId=* | timechart dc(Id) AS "Number of employees with manager" span=1d
However, I wanted to do something which will give me the % of employees that have manager over time
index=* host=* logRecordType=wousa|eval(managerId="*") as employeesWithManagers,count as Employees| eval(employeesWithManagers/Employees*100) as "% of total employess with managers"| --somehow timechart this over time?
The above query returns 0 for employeesWithManagers so I know thats incorrect.
Any suggestions on how to get to the promised land will help!
↧