Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create a table listing service request, Avg responsetime, subsystem, and Error Rate/hr in a specific format?

jagadish85
Path Finder
‎08-20-2015 09:07 AM

I have to create a dashboard in the below table format. Intention is to create a dashboard showing the number of requests per hour that each service is handling, its status, responsetime, and Errors grouped by Subsystem under which each service belongs.

My sample Log:

2015-08-19 16:01:51 SubsystemName=AAA; Service=S1;version=1;duration=100ms;RequestStatus=Success
2015-08-19 16:02:51 SubsystemName=AAA; Service=S1;version=1;duration=10ms;RequestStatus=Success
2015-08-19 16:01:51 SubsystemName=AAA; Service=S2;version=1;duration=60ms;RequestStatus=FAILURE
2015-08-19 16:01:51 SubsystemName=BBB; Service=S1;version=2;duration=120ms;RequestStatus=Success

alt text

Now clicking on any service, say S1 (of Subsystem AAA), should give a timechart of TotalRequests/Errors per period for that service under subsystem AAA

Preview file
9 KB
0 Karma
Reply

somesoni2
Revered Legend
‎08-20-2015 10:42 AM

Try something like this

Your base search | bucket span=1h _time | eval duration=replace(duration,"(\d+)(\w+)","\1") | eval Fail=if(RequestStatus="FAILURE",1,0) |stats count as RequestPerHr avg(duration) as AvgResponse,sum(Fail) as ErrorCount by SubsystemName,ServiceName,ServiceVersion

For how much timerange this search is running?

0 Karma
Reply

jensonthottian
Contributor
‎08-20-2015 10:22 AM

for per hour results use :

|bucket _time span=1h |stats count by _time

Add the average, min , max, requests to the query as you had done above.

0 Karma
Reply

jagadish85
Path Finder
‎08-20-2015 09:54 AM

|eval event=1|stats avg(duration) as AvgResponse,count(eval(RequestStatus="FAILURE")) as ErrorCount,sum(event) as Requests by SubsystemName,ServiceName,ServiceVersion is not giving me the exact table format I wanted (not merging Subsystem in to one row).

also how to get Requests/hour,Errors/hr as well.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...