Kibana Table (dashboard) - compute percentage when all row are filters

ctinp · September 22, 2023, 5:48pm

One of the fields in my logs contains a list of vulnerabilities separated by comma (e.g. attacks=XSS,SQLI,LOG4J.

In Kibana, I have created a table visualisation where each row is a filter for one of the signals (e.g. attack: XSS) -- please see also picture below. Now, I would like to add two columns:

one column should contain the count of how many times that specific vulnerability appears. This is quite easy and I managed to do it already.
the other column should contain the percentage calculated as "count from the column before" / "count of logs containing vulnerabilities"

I have spent too many hours already and ran out of things to try. Could you offer any suggestions?

Thank you.

Priscilla_Parodi · September 23, 2023, 9:34pm

Hello @ctinp,

Welcome to the community!

Did you try to do this with Kibana Lens? You can select the table visualization and then use formulas to perform math. The most common formulas divide two values to produce a percentage.

Percent of total example:

sum(products.base_price) / overall_sum(sum(products.base_price))

For detailed information on formulas, click i:

Hope it helps!

ctinp · September 23, 2023, 10:49pm

Hi Priscilla @Priscilla_Parodi , thank you for your reply. I tried to use the formula tab but I don't know how it can be applied to my use case. The count is not in any log field, so I am using a row filter to populate the table rows. I guess the formula would work if the vulnerabilities were stored separately, but my logs have multiple vulnerabilities stored in the same field (that's why I am using filters of the form vulnerbaility: *keyword*.

system · October 21, 2023, 10:50pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.