How can I use the same search to divide the results of a specific time frame with the total daily sum to get a percentage? My base query would be this:
(index=epackage OR index=dxprd01-epackage) flow_event=Package*
| stats sum(numberOfReports)
So basically I'm interested in getting the sum(numberOfReports) from 9-11am, then the sum(numberOfReports) total for the day, then divide the two and multiply by 100 (unless there's an easier way to get the percentage). I have no idea where to even start with this (or if it's even possible) so any help would be fantastic.
↧