Splunk AppDynamics
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Analytics search - ADQL Query to manipulate values from a header using mathematic experessions

CommunityUser
Splunk Employee
Splunk Employee
‎04-26-2018 12:56 PM

Hi,

we have a Analytics search query for a header  that returns the following payload.

{"QuoteID":"0409657629","Annual premium":"10115","Line of business":"bop","State":"ND","AgencyCode":"0004045","method":"getPPC"}

my query is

SELECT segments.httpData.headers.`application-data` AS "application-data", count(*) FROM transactions WHERE segments.httpData.headers.`application-data` = "{\"QuoteID\":\"*\",\"Annual premium\":\"*\",\"Line of business\":\"bop\",\"State\":\"UT\",\"AgencyCode\":\"*\",\"method\":\"getPPC\"}" 

We are using the above query so that i can get data for each state by changing the value for state with the relevant abrevation. In the example above UT can be changed to MN etc.

We are am looking for a way that I can get the "Total Premium" by addidng all the Annual Premium ammounts.

please check attached image which shows the search result. 

Is there a way we can use mathematical expression on part of the payload data.

Labels (1)
Labels
Analytic search query.png
Preview file
160 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

CommunityUser
Splunk Employee
Splunk Employee
‎04-30-2018 01:36 AM

Hi Ajay,

From the screenshot attached, I can see that Annual Premium ammounts is part of an array of values which I believe is returned from your Data Collector.

So in this case, first you need to tune your Data Collctor config in a way that you only get the return of Annual Premium ammounts value and then you can use ADQL SUM function to sum the required values based on matching criteria.

https://docs.appdynamics.com/display/PRO44/Analytics+Functions

Let me know if this helps.

Thanks,

Deepanshu

View solution in original post

Reply
Solved! Jump to solution

CommunityUser
Splunk Employee
Splunk Employee
‎10-24-2018 08:37 AM

Have not heard back from the Client.

will check and get back to you.
 
0 Karma
Reply
Solved! Jump to solution
Solution

CommunityUser
Splunk Employee
Splunk Employee
‎04-30-2018 01:36 AM

Hi Ajay,

From the screenshot attached, I can see that Annual Premium ammounts is part of an array of values which I believe is returned from your Data Collector.

So in this case, first you need to tune your Data Collctor config in a way that you only get the return of Annual Premium ammounts value and then you can use ADQL SUM function to sum the required values based on matching criteria.

https://docs.appdynamics.com/display/PRO44/Analytics+Functions

Let me know if this helps.

Thanks,

Deepanshu

Reply
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...
Top