Timewise Distribution of Response Times of cs_uri_stem



I have the following query:

... | eval time_sec = round(time_taken/1000) | chart max(time_sec) as

max_response_time, min(time_sec) as min_response_time, avg(time_sec) as

avg_response_time by cs_uri_stem

This gives me avg. response time per page over a period of 7 days. One can

see that there is a big difference between the min, and max response time. I

want to see the distribution of response times of each of the pages at various

times of the day. The grouping may be done in 2 hours gaps.

cs_uri_stem date/time min max avg
x.aspx 27/02..2:00 1 5 3
y.aspx 27/02..4:00 1 4 3

Splunk Employee

Try this:

.. | eval time_sec = round(time_taken/1000) | timechart span=2h max(time_sec) AS max_response_time, min(time_sec) AS min_response_time, avg(time_sec) AS avg_response_time by cs_uri_stem

Hope this helps.

