Splunk AppDynamics
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Analytics search - ADQL Query to manipulate values from a header using mathematic experessions

CommunityUser
Splunk Employee
Splunk Employee
‎04-26-2018 12:56 PM

Hi,

we have a Analytics search query for a header  that returns the following payload.

{"QuoteID":"0409657629","Annual premium":"10115","Line of business":"bop","State":"ND","AgencyCode":"0004045","method":"getPPC"}

my query is

SELECT segments.httpData.headers.`application-data` AS "application-data", count(*) FROM transactions WHERE segments.httpData.headers.`application-data` = "{\"QuoteID\":\"*\",\"Annual premium\":\"*\",\"Line of business\":\"bop\",\"State\":\"UT\",\"AgencyCode\":\"*\",\"method\":\"getPPC\"}" 

We are using the above query so that i can get data for each state by changing the value for state with the relevant abrevation. In the example above UT can be changed to MN etc.

We are am looking for a way that I can get the "Total Premium" by addidng all the Annual Premium ammounts.

please check attached image which shows the search result. 

Is there a way we can use mathematical expression on part of the payload data.

Labels (1)
Labels
Preview file
160 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

CommunityUser
Splunk Employee
Splunk Employee
‎04-30-2018 01:36 AM

Hi Ajay,

From the screenshot attached, I can see that Annual Premium ammounts is part of an array of values which I believe is returned from your Data Collector.

So in this case, first you need to tune your Data Collctor config in a way that you only get the return of Annual Premium ammounts value and then you can use ADQL SUM function to sum the required values based on matching criteria.

https://docs.appdynamics.com/display/PRO44/Analytics+Functions

Let me know if this helps.

Thanks,

Deepanshu

View solution in original post

Reply
Solved! Jump to solution

CommunityUser
Splunk Employee
Splunk Employee
‎10-24-2018 08:37 AM

Have not heard back from the Client.

will check and get back to you.
 
0 Karma
Reply
Solved! Jump to solution
Solution

CommunityUser
Splunk Employee
Splunk Employee
‎04-30-2018 01:36 AM

Hi Ajay,

From the screenshot attached, I can see that Annual Premium ammounts is part of an array of values which I believe is returned from your Data Collector.

So in this case, first you need to tune your Data Collctor config in a way that you only get the return of Annual Premium ammounts value and then you can use ADQL SUM function to sum the required values based on matching criteria.

https://docs.appdynamics.com/display/PRO44/Analytics+Functions

Let me know if this helps.

Thanks,

Deepanshu

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...