SPLUNK enterprise i am trying to calculate results where if > 4% of failure is anomaly?

SPLUNK enterprise i am trying to calculate results where > 4% of failure is anomaly. is formula correct? to set anomaly ?(failcount and total count fields are numeric)

| inputlookup sample.csv | eval isananomaly = if('Failcount' / 'Totalcount' * 100 > 4 , 1 , 0)

Solution

The logic appears correct, but why multiply by 100?

Save yourself a step:

| inputlookup sample.csv 
| eval isananomaly = if((Failcount / Totalcount) > .04 , 1 , 0)

How to determine the length of an array field in Splunk?
Splunk query to find those final results that has events with unique combination of values of two keys in results of main search criteria
login-info.cfg Splunk file semantic and structure
Splunk SignalFX Synthetics: Is it possible to retrieve environment variable values in Javascript
query splunk query joining 2 data tables
Form a results table view from splunk multiple logs
Exclude unnecessary logs being sent to splunk cloud platform
How to Attach Splunk Search Results In JIra Via Terraform Automation?
Regex Substitue only on a specific group - sedcmd (Splunk)
Regex to only return matches when followed by a specific word
embeding conf files into helm chart
Splunk Logs for Faster Queries, with Category Boolean true
How to create a timechart in splunk for the timestamp and extracted field?
Match regex named group up until optional word
How can I access the TraceId generated by splunk-otel-collector within an ASP.NET web application?
Splunk result in Table format
Splunk: How to compute the difference of timestamps by id?
SPLUNK: How can I count events by location with a list of SERVERNAME's?
How to represent difference between same fields from two different and simultaneous searches in a table format in Splunk?
Java 11 HttpClient - POST issue
Flume sink to Splunk?
Questions related to splunk builtin macros in correlation search
how to send the local file using splunk forwarder docker image?
A table of counts of http status by URL
How do I use a specific date/time in Splunk dashboard with earliest and latest?
Splunk - Handling a blank token for a dashboard search
Splunk - Extracting from search results using regex and aggregates
Splunk - Grouping by distinct field with stats of another field
Trying to log to Splunk using logback appender
How can I download infinite results from a Splunk Search to Export the Data