https://community.splunk.com/t5/Splunk-Search/Splunk-queries/m-p/685997#M234072 <P>Thank you very match fro helping me!</P><P>This works now fine!</P><P>Have nice day!</P> Tue, 30 Apr 2024 14:27:30 GMT saidAb 2024-04-30T14:27:30Z https://community.splunk.com/t5/Splunk-Search/Splunk-queries/m-p/685967#M234058 <P>Hi all,</P><P>A query, can calculate http calls, success responses and error response. I need an addition to the&nbsp; query to get how many requests are without response. I mean calls - success_respnses - erros_rsponse = null_responses.</P><P>Some good idea bout this? Thanks in advance!</P> Tue, 30 Apr 2024 12:35:51 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-queries/m-p/685967#M234058 saidAb 2024-04-30T12:35:51Z https://community.splunk.com/t5/Splunk-Search/Splunk-queries/m-p/685971#M234061 <P>It depends on your data. Please can you share some sample anonymised represntative events in a code block so we can see what you are dealing with.</P> Tue, 30 Apr 2024 13:00:46 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-queries/m-p/685971#M234061 ITWhisperer 2024-04-30T13:00:46Z https://community.splunk.com/t5/Splunk-Search/Splunk-queries/m-p/685973#M234062 <P>index="xxxx" sourcetype="xxxxx" message.request_path!=*/healthCheck</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | fillnull value=0 backend_time</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | stats count(eval('message.direction'="request")) as Calls, count(eval('message.response_code'="200")) as Success, count(eval('message.response_code'!="200")) as Error</P><P>E.g.</P><P>On the resuts, I see:&nbsp; Calls 27; Success 11; Error 6</P><P>I need also to see in the results, that there was no responses for 10 calls (null_resposes) as well.&nbsp;</P><P>&nbsp;</P> Tue, 30 Apr 2024 13:14:00 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-queries/m-p/685973#M234062 saidAb 2024-04-30T13:14:00Z https://community.splunk.com/t5/Splunk-Search/Splunk-queries/m-p/685974#M234063 <LI-CODE lang="markup">index="xxxx" sourcetype="xxxxx" message.request_path!=*/healthCheck | fillnull value=0 backend_time | stats count(eval('message.direction'="request")) as Calls, count(eval('message.response_code'="200")) as Success, count(eval('message.response_code'!="200")) as Error | eval "No response"=Calls-Success-Error</LI-CODE> Tue, 30 Apr 2024 13:25:35 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-queries/m-p/685974#M234063 ITWhisperer 2024-04-30T13:25:35Z https://community.splunk.com/t5/Splunk-Search/Splunk-queries/m-p/685981#M234064 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/267397">@saidAb</a>&nbsp;,</P><P>if you could share your search, it's easier to help you, anyway, I suppose that you are using eval instats, in this case, add the total count of events and calcuate as difference from this value.</P><P>e.g.</P><LI-CODE lang="markup">&lt;your_search&gt; | stats count(eval(status="success")) success_count count(eval(status="failed")) failed_count count | eval others=count-success_count-failed_count</LI-CODE><P>Ciao.</P><P>Giuseppe</P> Tue, 30 Apr 2024 13:35:32 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-queries/m-p/685981#M234064 gcusello 2024-04-30T13:35:32Z https://community.splunk.com/t5/Splunk-Search/Splunk-queries/m-p/685986#M234067 <P>Thanks!</P><P>This works partially very good. It provides in the results all calls, success, errors and no_responses (for the calls where no_response happens) . However it ignores other calls where requests and responses are equal.</P> Tue, 30 Apr 2024 13:55:51 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-queries/m-p/685986#M234067 saidAb 2024-04-30T13:55:51Z https://community.splunk.com/t5/Splunk-Search/Splunk-queries/m-p/685992#M234068 <P>Resolved. It works now correctly. I added 'by ...' and I see all the results.</P><P>Thank you very match!!!</P> Tue, 30 Apr 2024 14:15:54 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-queries/m-p/685992#M234068 saidAb 2024-04-30T14:15:54Z https://community.splunk.com/t5/Splunk-Search/Splunk-queries/m-p/685994#M234070 <P>hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/267397">@saidAb</a>&nbsp;,</P><P>good for you, see next time!</P><P>Ciao and happy splunking</P><P>Giuseppe</P><P>P.S.: Karma Points are appreciated by all the contributors <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P> Tue, 30 Apr 2024 14:17:44 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-queries/m-p/685994#M234070 gcusello 2024-04-30T14:17:44Z https://community.splunk.com/t5/Splunk-Search/Splunk-queries/m-p/685996#M234071 <P>Gratie&nbsp;<SPAN>Giuseppe!</SPAN></P><P><SPAN>See you next time!</SPAN></P><P><SPAN>Have a nice day.</SPAN></P> Tue, 30 Apr 2024 14:24:31 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-queries/m-p/685996#M234071 saidAb 2024-04-30T14:24:31Z https://community.splunk.com/t5/Splunk-Search/Splunk-queries/m-p/685997#M234072 <P>Thank you very match fro helping me!</P><P>This works now fine!</P><P>Have nice day!</P> Tue, 30 Apr 2024 14:27:30 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-queries/m-p/685997#M234072 saidAb 2024-04-30T14:27:30Z https://community.splunk.com/t5/Splunk-Search/Splunk-queries/m-p/686000#M234075 <P>Super! Thanks!</P> Tue, 30 Apr 2024 14:53:24 GMT https://community.splunk.com/t5/Splunk-Search/Splunk-queries/m-p/686000#M234075 saidAb 2024-04-30T14:53:24Z