Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do we get the volume of txns that took between 1 to 3 seconds, 3 to 5 seconds and > 8 seconds in Splunk Search

rakeshreddy1230
Explorer
‎12-10-2020 10:17 AM

This is my query Sample:

index=X service_name=XY request_host=XYZ  | rex field=_raw "FId=(?<fi>\d+)" | rex field=request_route "^(?<route>.*)\?" | rex field=_id "^(?<route>.*)\?" | eval eTime = total_time | lookup FI_Name-ICA.csv ICA AS fi OUTPUT FI as fi | stats count(total_time) as TotalCalls, max(eTime) AS MaxTime, avg(eTime) as AvgTime, min(eTime) as MinTime,p90(total_time) as P90Time,p95(total_time) as P95Time by fi route | sort route, -count | table fi, route, TotalCalls,MaxTime,MinTime,P90Time,P95Time,AvgTime | sort by fi

I am trying to add columns for calls that took between 0 to 3 seconds 3 to 5 and > 8 seconds ???

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rakeshreddy1230
Explorer
‎01-19-2021 01:33 PM

index=XXX service_name=YYY request_host=ZZZ | rex field=_raw "AAA" | rex field=request_route "^(?<route>.*)\?" | rex field=_id "^(?<route>.*)\?" | eval pTime = total_time | eval TimeFrames = case(pTime<=1000, "0-1", pTime>1000 AND pTime<=3000, "1-3", pTime>3000 AND pTime<=5000, "3-5", pTime>5000 AND pTime<=8000, "5-8", pTime>8000, ">8") | stats count as CallVolume by route, TimeFrames | eventstats sum(CallVolume) as Total by route | eval Percentage=(CallVolume/Total)*100 | sort by route, -CallVolume | fields route,CallVolume,TimeFrames,Percentage | chart values(CallVolume) over route by TimeFrames | sort -TimeFrames

View solution in original post

Reply
Solved! Jump to solution
Solution

rakeshreddy1230
Explorer
‎01-19-2021 01:33 PM

index=XXX service_name=YYY request_host=ZZZ | rex field=_raw "AAA" | rex field=request_route "^(?<route>.*)\?" | rex field=_id "^(?<route>.*)\?" | eval pTime = total_time | eval TimeFrames = case(pTime<=1000, "0-1", pTime>1000 AND pTime<=3000, "1-3", pTime>3000 AND pTime<=5000, "3-5", pTime>5000 AND pTime<=8000, "5-8", pTime>8000, ">8") | stats count as CallVolume by route, TimeFrames | eventstats sum(CallVolume) as Total by route | eval Percentage=(CallVolume/Total)*100 | sort by route, -CallVolume | fields route,CallVolume,TimeFrames,Percentage | chart values(CallVolume) over route by TimeFrames | sort -TimeFrames

Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎12-11-2020 06:02 AM

See if this does what you want.

index=X service_name=XY request_host=XYZ
| rex field=_raw "FId=(?<fi>\d+)" 
| rex field=request_route "^(?<route>.*)\?" 
| rex field=_id "^(?<route>.*)\?" 
| eval eTime = total_time 
| lookup FI_Name-ICA.csv ICA AS fi OUTPUT FI as fi 
| stats count(total_time) as TotalCalls, max(eTime) AS MaxTime, avg(eTime) as AvgTime, min(eTime) as MinTime,p90(total_time) as P90Time,p95(total_time) as P95Time, sum(eval(eTime<=3)) as Short, sum(eval((eTime>3) AND (eTime<=8))) as Medium, sum(eval(eTime>8)) as Long by fi route 
| sort route, -count 
| table fi, route, TotalCalls,MaxTime,MinTime,P90Time,P95Time,AvgTime,Short,Medium,Long
| sort by fi
---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

rakeshreddy1230
Explorer
‎12-15-2020 07:44 PM

This didnt work, but i was able to do some research and get an answer to my question. Thanks 

0 Karma
Reply
Solved! Jump to solution

richgalloway
SplunkTrust
SplunkTrust
‎12-16-2020 05:31 AM

Please share and accept your solution so others might benefit.

---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...