How to compare average between two non-adjacent time periods?

BenTreeser — Thu, 01 Sep 2022 06:28:21 GMT

Hello,

what' the best way to compare averages between two non-adjacent time periods. I have bunch of api call events with response_time field. I need a dashboard, where I can see the performance difference between last month and current month.

If I try the following, somehow the averages are blank in dashboard, but click on the enlarging glass of the tile, I get a a search query with values. What am I missing?

Is there an even more efficient and faster way?

<form> <label>API Performance</label> <search id="multisearch"> <query>| multisearch [ search earliest=$periodBeforeTok.earliest$ latest=$periodBeforeTok.latest$ index=A my_search_query response_time=* | eval response_time_before=response_time | fields api_request response_time_before | eval timeSlot="1" ] [search earliest=$periodAfterTok.earliest$ latest=$periodAfterTok.latest$ index=A my_search_query | eval response_time_after=response_time | fields api_request response_time_after | eval timeSlot="2" ] </query> </search> <fieldset submitButton="true" autoRun="false"> <input type="time" token="periodBeforeTok"> <label>Before Time Period</label> <default> <earliest>1658707200</earliest> <latest>1659312000</latest> </default> </input> <input type="time" token="periodAfterTok"> <label>After Time Period</label> <default> <earliest>1659312000</earliest> <latest>1659916800</latest> </default> </input> </fieldset> <row> <panel> <table> <title>Query Stats</title> <search base="multisearch"> <query>| stats count as totalCount, count(eval(timeSlot=1)) as totalCountBefore, count(eval(timeSlot=2)) as totalCountAfter, avg(response_time_before) as response_time_before, avg(response_time_after) as response_time_after by api_request | eval response_time_before=round(response_time_before/1000,3) | eval response_time_after=round(response_time_after/1000,3) | eval delta_response_time=response_time_after-response_time_before | table api_request totalCountBefore totalCountAfter response_time_before response_time_after delta_response_time</query> </search> <option name="drilldown">cell</option> <option name="refresh.display">progressbar</option> </table> </panel> </row> </form>

Re: How to compare average between two non-adjacent time periods?

ITWhisperer — Wed, 31 Aug 2022 18:08:07 GMT

Is this just a typo? Your multisearch has fields api_api_request whereas your stats has api_request

Re: How to compare average between two non-adjacent time periods?

BenTreeser — Thu, 01 Sep 2022 06:25:39 GMT

ouh yeah, you are right. That was a typo. I've fixed the type now. The questions stays the same.

topic Re: How to compare average between two non-adjacent time periods? in Splunk Search

How to compare average between two non-adjacent time periods?

Re: How to compare average between two non-adjacent time periods?

Re: How to compare average between two non-adjacent time periods?