Dashboards & Visualizations
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Help with Arthematic calculations

manikath_kaleru
New Member
‎08-29-2022 06:16 PM

I need to calculate count of the good 15 minute intervals where (status code = 200 AND average response time < 300 milliseconds AND 99.99th percentile response time < 1500 milliseconds ) / the total count of the intervals * 100. Could someone help. Where I already have status code and response time in two separate fields

Labels (1)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎08-29-2022 11:49 PM

Hi @manikath_kaleru,

it's not clear for me the last condition, but, following my approach you can modify this search adding the missing condition.

Anyway, you have to insert some conditions in the main search and some others after the stats calculation, something like this:

index=your_index status=200
| stats avg(response_time) AS avg_response_time 99perc(response_time) AS 99_response_time
| where avg_response_time<300 AND 99_response_time<1500

 Ciao.

Giuseppe

0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎08-29-2022 11:45 PM

Hi

I'm not sure what you are meaning by " (status code = 200 AND average response time < 300 milliseconds AND 99.99th percentile response time < 1500 milliseconds ) / the total count of the intervals * 100" ?

But here is example with splunkd_ui_access for status=200 avg_resp_time < 300 and p99 < 1500 (unfortunately splunk's percentile function don't support decimals, only integers are supported).

index=_internal source="*/var/log/splunk/splunkd_ui_access.log" sourcetype=splunkd_ui_access status=200 earliest=-15m
| eventstats avg(spent) as avg_resp_time p99(spent) as p99_resp_time
| where avg_resp_time < 300 AND p99_resp_time < 1500

If you want sliding 15m then you should change eventstats to  streamstats.

r. Ismo

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...