Splunk AppDynamics
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Analytics search - ADQL Query to manipulate values from a header using mathematic experessions

CommunityUser
Splunk Employee
Splunk Employee
‎04-26-2018 12:56 PM

Hi,

we have a Analytics search query for a header  that returns the following payload.

{"QuoteID":"0409657629","Annual premium":"10115","Line of business":"bop","State":"ND","AgencyCode":"0004045","method":"getPPC"}

my query is

SELECT segments.httpData.headers.`application-data` AS "application-data", count(*) FROM transactions WHERE segments.httpData.headers.`application-data` = "{\"QuoteID\":\"*\",\"Annual premium\":\"*\",\"Line of business\":\"bop\",\"State\":\"UT\",\"AgencyCode\":\"*\",\"method\":\"getPPC\"}" 

We are using the above query so that i can get data for each state by changing the value for state with the relevant abrevation. In the example above UT can be changed to MN etc.

We are am looking for a way that I can get the "Total Premium" by addidng all the Annual Premium ammounts.

please check attached image which shows the search result. 

Is there a way we can use mathematical expression on part of the payload data.

Labels (1)
Labels
Analytic search query.png
Preview file
160 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

CommunityUser
Splunk Employee
Splunk Employee
‎04-30-2018 01:36 AM

Hi Ajay,

From the screenshot attached, I can see that Annual Premium ammounts is part of an array of values which I believe is returned from your Data Collector.

So in this case, first you need to tune your Data Collctor config in a way that you only get the return of Annual Premium ammounts value and then you can use ADQL SUM function to sum the required values based on matching criteria.

https://docs.appdynamics.com/display/PRO44/Analytics+Functions

Let me know if this helps.

Thanks,

Deepanshu

View solution in original post

Reply
Solved! Jump to solution

CommunityUser
Splunk Employee
Splunk Employee
‎10-24-2018 08:37 AM

Have not heard back from the Client.

will check and get back to you.
 
0 Karma
Reply
Solved! Jump to solution
Solution

CommunityUser
Splunk Employee
Splunk Employee
‎04-30-2018 01:36 AM

Hi Ajay,

From the screenshot attached, I can see that Annual Premium ammounts is part of an array of values which I believe is returned from your Data Collector.

So in this case, first you need to tune your Data Collctor config in a way that you only get the return of Annual Premium ammounts value and then you can use ADQL SUM function to sum the required values based on matching criteria.

https://docs.appdynamics.com/display/PRO44/Analytics+Functions

Let me know if this helps.

Thanks,

Deepanshu

Reply
Get Updates on the Splunk Community!

Ask It, Fix It: Faster Investigations with AI Assistant in Observability Cloud

  Join us in this Tech Talk and learn about the recently launched AI Assistant in Observability Cloud. With ...

Index This | How many sides does a circle have?

  March 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

New This Month - Splunk Observability updates and improvements for faster ...

What’s New? This month, we’re delivering several enhancements across Splunk Observability Cloud for faster and ...
Top