Solved: Re: Find the avg duration trend of top 5 api above...

limalbert · ‎03-04-2022

How can I find the avg duration trend (timechart) of top 5 (most used) api above 5 seconds. If api has the same total calls, pick the highest duration.

This is what I have so far.

<Search string>
| bin _time span=1m 
| eventstats count as total by api
| stats avg(kpi_value) as duration by _time api total
| where duration >5
| timechart eval(round(avg(duration),2)) as avg_duration by api where total in top5 limit=0

somesoni2 · ‎03-04-2022

Give this a try

<Search string>  
| bin _time span=1m 
| stats avg(kpi_value) as duration by _time api
| where duration >5
| timechart eval(round(avg(duration),2)) as avg_duration by api limit=5 useother=f

View solution in original post

somesoni2 · ‎03-04-2022

Give this a try

<Search string>  
| bin _time span=1m 
| stats avg(kpi_value) as duration by _time api
| where duration >5
| timechart eval(round(avg(duration),2)) as avg_duration by api limit=5 useother=f

limalbert · ‎03-07-2022

I had this originally, but I might have been overthinking this problem. Thanks!

How to find the average duration trend of top 5 api above 5 seconds?

chart

timechart

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Are you a member of the Splunk Community?