Solved: How to get the max of p90 over a month ?

rahul_n · ‎04-29-2021

Hi.

I am trying to find max value of p90 over a month for 1 API.

The query I use for finding stats:

<basic splunk query>
| search API = API1
| stats p90(processing_time) as 90%_time by API

where processing_time is the time which would display the time used for finding p90.

Can someone help me with the query to find the max value of p90 calculated over a month ?

So that I can use that value to generate some kind of alerts.

Any help is greatly appreciated. Thanks.

tscroggins · ‎05-01-2021

@rahul_n

How are you binning your data for the initial set 90th percentile calculations? By day? By host? You can use bin, stats, timechart, etc. in various combinations to achieve your desired outcome. Here's one example with data initially binned by day:

<basic splunk query>
| search API = API1
| bin _time span=1d
| stats p90(processing_time) as p90_processing_time by _time API
| stats max(p90_processing_time) as 90%_time by API

View solution in original post

tscroggins · ‎05-01-2021

@rahul_n

How are you binning your data for the initial set 90th percentile calculations? By day? By host? You can use bin, stats, timechart, etc. in various combinations to achieve your desired outcome. Here's one example with data initially binned by day:

<basic splunk query>
| search API = API1
| bin _time span=1d
| stats p90(processing_time) as p90_processing_time by _time API
| stats max(p90_processing_time) as 90%_time by API

rahul_n · ‎05-09-2021

Thanks @tscroggins for the solution.

How to get the max of p90 over a month ?

chart

form

panel

single value

timechart

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Are you a member of the Splunk Community?

How to get the max of p90 over a month ?