Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do we get the volume of txns that took between 1 to 3 seconds, 3 to 5 seconds and > 8 seconds in Splunk Search

rakeshreddy1230
Explorer
‎12-10-2020 10:17 AM

This is my query Sample:

index=X service_name=XY request_host=XYZ  | rex field=_raw "FId=(?<fi>\d+)" | rex field=request_route "^(?<route>.*)\?" | rex field=_id "^(?<route>.*)\?" | eval eTime = total_time | lookup FI_Name-ICA.csv ICA AS fi OUTPUT FI as fi | stats count(total_time) as TotalCalls, max(eTime) AS MaxTime, avg(eTime) as AvgTime, min(eTime) as MinTime,p90(total_time) as P90Time,p95(total_time) as P95Time by fi route | sort route, -count | table fi, route, TotalCalls,MaxTime,MinTime,P90Time,P95Time,AvgTime | sort by fi

I am trying to add columns for calls that took between 0 to 3 seconds 3 to 5 and > 8 seconds ???

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rakeshreddy1230
Explorer
‎01-19-2021 01:33 PM

index=XXX service_name=YYY request_host=ZZZ | rex field=_raw "AAA" | rex field=request_route "^(?<route>.*)\?" | rex field=_id "^(?<route>.*)\?" | eval pTime = total_time | eval TimeFrames = case(pTime<=1000, "0-1", pTime>1000 AND pTime<=3000, "1-3", pTime>3000 AND pTime<=5000, "3-5", pTime>5000 AND pTime<=8000, "5-8", pTime>8000, ">8") | stats count as CallVolume by route, TimeFrames | eventstats sum(CallVolume) as Total by route | eval Percentage=(CallVolume/Total)*100 | sort by route, -CallVolume | fields route,CallVolume,TimeFrames,Percentage | chart values(CallVolume) over route by TimeFrames | sort -TimeFrames

View solution in original post

Reply
Solved! Jump to solution
Solution

rakeshreddy1230
Explorer
‎01-19-2021 01:33 PM

index=XXX service_name=YYY request_host=ZZZ | rex field=_raw "AAA" | rex field=request_route "^(?<route>.*)\?" | rex field=_id "^(?<route>.*)\?" | eval pTime = total_time | eval TimeFrames = case(pTime<=1000, "0-1", pTime>1000 AND pTime<=3000, "1-3", pTime>3000 AND pTime<=5000, "3-5", pTime>5000 AND pTime<=8000, "5-8", pTime>8000, ">8") | stats count as CallVolume by route, TimeFrames | eventstats sum(CallVolume) as Total by route | eval Percentage=(CallVolume/Total)*100 | sort by route, -CallVolume | fields route,CallVolume,TimeFrames,Percentage | chart values(CallVolume) over route by TimeFrames | sort -TimeFrames

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎12-11-2020 06:02 AM

See if this does what you want.

index=X service_name=XY request_host=XYZ
| rex field=_raw "FId=(?<fi>\d+)" 
| rex field=request_route "^(?<route>.*)\?" 
| rex field=_id "^(?<route>.*)\?" 
| eval eTime = total_time 
| lookup FI_Name-ICA.csv ICA AS fi OUTPUT FI as fi 
| stats count(total_time) as TotalCalls, max(eTime) AS MaxTime, avg(eTime) as AvgTime, min(eTime) as MinTime,p90(total_time) as P90Time,p95(total_time) as P95Time, sum(eval(eTime<=3)) as Short, sum(eval((eTime>3) AND (eTime<=8))) as Medium, sum(eval(eTime>8)) as Long by fi route 
| sort route, -count 
| table fi, route, TotalCalls,MaxTime,MinTime,P90Time,P95Time,AvgTime,Short,Medium,Long
| sort by fi
---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

rakeshreddy1230
Explorer
‎12-15-2020 07:44 PM

This didnt work, but i was able to do some research and get an answer to my question. Thanks 

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎12-16-2020 05:31 AM

Please share and accept your solution so others might benefit.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...