I have two queries that I am running and I want to take the results / Count of these queries and divide them. I have seen several variances but I am still having issues trying to get my search correct.
Here is an example of my queries:
index=norlogs sourcetype="devicelog" category="NSException, on wi-fi:"
index=norlogs sourcetype="devicelog" category="FinishLaunching"
I would like to divide the first query by the last query and display a percentage. What would be the best way to accomplish this.
This is working but I am not getting percentages
index=norlogs sourcetype="devicelog" category="NSException"| stats count as TotalA | appendcols [search index=norlogs sourcetype="devicelog" category="FinishLaunching" | stats count as TotalB] | eval Total=TotalB/TotalA
