https://community.splunk.com/t5/Splunk-Search/Splunk-query-to-check-variation-in-processing-time-and-volume-in/m-p/543619#M153987 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/92551">@sahil237888</a>,</P><P>Please try below sample;</P><LI-CODE lang="markup">index=your_index earliest=-15m | timechart span=5m partial=f avg(response_time) as response_time sum(volume) as volume | autoregress response_time p=1 | autoregress volume p=1 | where response_time&gt;response_time_p1*1.6 OR volume&lt;volume_p1*0.5</LI-CODE> Sat, 13 Mar 2021 08:10:49 GMT scelikok 2021-03-13T08:10:49Z https://community.splunk.com/t5/Splunk-Search/Splunk-query-to-check-variation-in-processing-time-and-volume-in/m-p/543065#M153837 <P>Hi, Can anyone help, As I want to get an alert if : The volume gets drop or if processing time gets increased of a specific server when being compared with last 5 minutes - The query should use volume and average response of current 5 minutes and last 5 minutes. and then if there is difference in volume &lt; 50% or processing time &gt; 60% then alert.</P> Tue, 09 Mar 2021 17:13:25 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-query-to-check-variation-in-processing-time-and-volume-in/m-p/543065#M153837 sahil237888 2021-03-09T17:13:25Z https://community.splunk.com/t5/Splunk-Search/Splunk-query-to-check-variation-in-processing-time-and-volume-in/m-p/543619#M153987 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/92551">@sahil237888</a>,</P><P>Please try below sample;</P><LI-CODE lang="markup">index=your_index earliest=-15m | timechart span=5m partial=f avg(response_time) as response_time sum(volume) as volume | autoregress response_time p=1 | autoregress volume p=1 | where response_time&gt;response_time_p1*1.6 OR volume&lt;volume_p1*0.5</LI-CODE> Sat, 13 Mar 2021 08:10:49 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-query-to-check-variation-in-processing-time-and-volume-in/m-p/543619#M153987 scelikok 2021-03-13T08:10:49Z