Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Statistics: Creating Histogram out of a time bucketed Statictic

oldtester
Explorer
‎06-03-2015 08:17 AM

Excited to post my first Splunk question.

I want to perform statistical analysis on API response time that I get from our app server log.

The log format is:
timestamp1 API=<api1> ResponseTime=<R1>
timestamp2 API=<api2> ResponseTime=<R2>
timestamp3 API=<api3> ResponseTime=<R3>
timestamp1 API=<api1> ResponseTime=<R4>
..
..
For a week of data I want to plot the histogram of the hourly average of ResponseTime for api1.

I did the following query:
index=<index> api1|bucket _time span=1h|stats avg(ResponseTime) by _time

Now how do I take the result of the above query and build a histogram?

I did the following:
index=<index> api1|bucket _time span=1h|stats avg(ResponseTime) by _time as X|stats count(X)

But this query seems to be wrong.

Could you please recommend the correct query?

Reply
1 Solution
Solved! Jump to solution
Solution

oldtester
Explorer
‎06-03-2015 09:01 AM

Hi ngatchasandra,

It is not resulting in a series of values to plot a histogram. It is returning a single number(count).
What I am looking for is a frequency chart of hoourly average values .

I did the following:
index= api1|bucket _time span=1h|stats avg(ResponseTime) by _time |rename avg(ResponseTime) as X|stats values(X)
It is indeed giving a set of values for the average. Now, how in the search I do a frequency chart of these values?

View solution in original post

Reply
Solved! Jump to solution

oldtester
Explorer
‎06-03-2015 11:31 AM

Looks like it is working!. Just added bins=100 to your query.
index= api1|bucket _time span=1h|stats avg(ResponseTime) by _time |rename avg(ResponseTime) as X|stats values(X)|chart count by values(x) bins=100

Reply
Solved! Jump to solution

ngatchasandra
Builder
‎06-04-2015 05:48 AM

Please, you did not give me points . Perhaps it is to you even you have to give the points. Can you correct it?

0 Karma
Reply
Solved! Jump to solution
Solution

oldtester
Explorer
‎06-03-2015 09:01 AM

Hi ngatchasandra,

It is not resulting in a series of values to plot a histogram. It is returning a single number(count).
What I am looking for is a frequency chart of hoourly average values .

I did the following:
index= api1|bucket _time span=1h|stats avg(ResponseTime) by _time |rename avg(ResponseTime) as X|stats values(X)
It is indeed giving a set of values for the average. Now, how in the search I do a frequency chart of these values?

Reply
Solved! Jump to solution

ngatchasandra
Builder
‎06-03-2015 09:23 AM

Yes, try with index= api1|bucket _time span=1h|stats avg(ResponseTime) by _time |rename avg(ResponseTime) as X|stats values(X)|chart count by values(x)

0 Karma
Reply
Solved! Jump to solution

ngatchasandra
Builder
‎06-03-2015 08:49 AM

Hi oldtester,

Try with index= api1|bucket _time span=1h|stats avg(ResponseTime) by _time |rename avg(ResponseTime) as X|stats count(X) by _time

0 Karma
Reply
Solved! Jump to solution

ngatchasandra
Builder
‎06-03-2015 09:18 AM

Try now with index= api1|bucket _time span=1h|stats avg(ResponseTime) by _time |rename avg(ResponseTime) as X|stats values(X)|chart count by values(x)

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...