how to get 90% of max execution time

avadhutha — Fri, 23 Dec 2022 08:13:19 GMT

I have a requirement to pull 90% of max execution time.

Ex: I have 10 requests for an hour and it's execution times as below. Out of which if I take max(Executation_time) I will get 10 sec but I want to give 10% leverage and consider max Time from 90% of ExecutionTimes.

I will be getting total number of executation details(10 in this ex) through a seach like `stats count(_raw) by Hour'. Now I have to take 10% record counts and neglect those number of records to get 90% of max Time

Tra. Executation_Time

1. 10 Sec

2. 9 Sec

3. 8 sec

4. 7 sec

5. 6 sec

6. 5sec

7. 4 sec

8. 3 sec

9. 2 sec

10. 1 sec

Re: how to get 90% of max execution time

yuanliu — Sun, 25 Dec 2022 04:31:44 GMT

Not sure how to interpret "take 10% record counts and neglect those number of records to get 90% of max Time." So, I have make a blind guess: you want to count events whose Execution_Time is above 90% of maximum time. If so, eventstats is your friend.

| eventstats max(Execution_Time) as maxtime ``` max over entire search period ``` | where Execution_Time > 0.9 * maxtime | stats count by Hour ``` assuming a field named Hour exists ```

topic Re: how to get 90% of max execution time in Splunk Search

how to get 90% of max execution time

Re: how to get 90% of max execution time