Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Dynatrace Application Performance Management: How ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I'm currently working with data from Dynatrace and I have a field that contains responseTime(in milisecond). I would like to use the chart percX(Y) function to make a result like this :
Percent | time_Seconds
10% | 1s
20% | 2s
30% | 6s
40% | 7s
50% | 8.5s
60% | 9s
70% | 9.1s
80% | 9.6s
90% | 10s
So I did something like this to get the precedent result :
my search| eval Percent="10%" | chart perc10(responsetime) as time_Seconds over Percent |
append [my search |eval Percent="20%"| chart perc20(responsetime) as time_Seconds over Percent] |
append [my search |eval Percent="30%"| chart perc30(responsetime) as time_Seconds over Percent] |
append [my search |eval Percent="40%"| chart perc40(responsetime) as time_Seconds over Percent] |
append [my search |eval Percent="50%"| chart perc50(responsetime) as time_Seconds over Percent] |
append [my search |eval Percent="60%"| chart perc60(responsetime) as time_Seconds over Percent] |
append [my search |eval Percent="70%"| chart perc70(responsetime) as time_Seconds over Percent] |
append [my search |eval Percent="80%"| chart perc80(responsetime) as time_Seconds over Percent] |
append [my search |eval Percent="90%"| chart perc90(responsetime) as time_Seconds over Percent] |
eval time_Seconds = time_Seconds/1000
But using subsearches is not optimal and I have some trouble with it. Anyone knows how to do it in a better way? Thank you!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Start with something like this, then reformat the results as needed with transpose or foreach.
| stats
perc10(avgdiskreadpersec_last) as 10%,
perc20(avgdiskreadpersec_last) as 20%
perc30(avgdiskreadpersec_last) as 30%,
perc40(avgdiskreadpersec_last) as 40%,
perc50(avgdiskreadpersec_last) as 50%,
perc60(avgdiskreadpersec_last) as 60%,
perc70(avgdiskreadpersec_last) as 70%,
perc80(avgdiskreadpersec_last) as 80%,
perc90(avgdiskreadpersec_last) as 90%
The transpose version looks like this...
| transpose
| rename row1 as time_Seconds, column as Percent
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Start with something like this, then reformat the results as needed with transpose or foreach.
| stats
perc10(avgdiskreadpersec_last) as 10%,
perc20(avgdiskreadpersec_last) as 20%
perc30(avgdiskreadpersec_last) as 30%,
perc40(avgdiskreadpersec_last) as 40%,
perc50(avgdiskreadpersec_last) as 50%,
perc60(avgdiskreadpersec_last) as 60%,
perc70(avgdiskreadpersec_last) as 70%,
perc80(avgdiskreadpersec_last) as 80%,
perc90(avgdiskreadpersec_last) as 90%
The transpose version looks like this...
| transpose
| rename row1 as time_Seconds, column as Percent
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes ! that's exactly it !
Thanks a lot,
Younes
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Index This | What travels the world but is also stuck in place?
Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data
Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...
