Splunk AppDynamics
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Analytics search - ADQL Query to manipulate values from a header using mathematic experessions

CommunityUser
Splunk Employee
Splunk Employee
‎04-26-2018 12:56 PM

Hi,

we have a Analytics search query for a header  that returns the following payload.

{"QuoteID":"0409657629","Annual premium":"10115","Line of business":"bop","State":"ND","AgencyCode":"0004045","method":"getPPC"}

my query is

SELECT segments.httpData.headers.`application-data` AS "application-data", count(*) FROM transactions WHERE segments.httpData.headers.`application-data` = "{\"QuoteID\":\"*\",\"Annual premium\":\"*\",\"Line of business\":\"bop\",\"State\":\"UT\",\"AgencyCode\":\"*\",\"method\":\"getPPC\"}" 

We are using the above query so that i can get data for each state by changing the value for state with the relevant abrevation. In the example above UT can be changed to MN etc.

We are am looking for a way that I can get the "Total Premium" by addidng all the Annual Premium ammounts.

please check attached image which shows the search result. 

Is there a way we can use mathematical expression on part of the payload data.

Labels (1)
Labels
Analytic search query.png
Preview file
160 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

CommunityUser
Splunk Employee
Splunk Employee
‎04-30-2018 01:36 AM

Hi Ajay,

From the screenshot attached, I can see that Annual Premium ammounts is part of an array of values which I believe is returned from your Data Collector.

So in this case, first you need to tune your Data Collctor config in a way that you only get the return of Annual Premium ammounts value and then you can use ADQL SUM function to sum the required values based on matching criteria.

https://docs.appdynamics.com/display/PRO44/Analytics+Functions

Let me know if this helps.

Thanks,

Deepanshu

View solution in original post

Reply
Solved! Jump to solution

CommunityUser
Splunk Employee
Splunk Employee
‎10-24-2018 08:37 AM

Have not heard back from the Client.

will check and get back to you.
 
0 Karma
Reply
Solved! Jump to solution
Solution

CommunityUser
Splunk Employee
Splunk Employee
‎04-30-2018 01:36 AM

Hi Ajay,

From the screenshot attached, I can see that Annual Premium ammounts is part of an array of values which I believe is returned from your Data Collector.

So in this case, first you need to tune your Data Collctor config in a way that you only get the return of Annual Premium ammounts value and then you can use ADQL SUM function to sum the required values based on matching criteria.

https://docs.appdynamics.com/display/PRO44/Analytics+Functions

Let me know if this helps.

Thanks,

Deepanshu

Reply
Get Updates on the Splunk Community!

Announcing the Expansion of the Splunk Academic Alliance Program

The Splunk Community is more than just an online forum — it’s a network of passionate users, administrators, ...

Learn Splunk Insider Insights, Do More With Gen AI, & Find 20+ New Use Cases You Can ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Top