How to check 95th percentile of a particular message (Ex: Message ok) which is coming 20 times.
Ex 03/22/2013 03:38:56.752 Message ok
which is coming 20 times.
Please tell me the same.
Hello My requiremet is if "message ok" will come in log file then that is successful.
i am running it 20 times, so 20 times "message ok" will come in log. i have to check the 95th percentile of success rate.
You can use the perc()x(field) function. More information:
http://docs.splunk.com/Documentation/Splunk/5.0.2/SearchReference/CommonStatsFunctions
Example: Let's say that your field OK="Message ok". Then, you could use the perc(x)(field) function as follow:
earliest=-1d@d latest=@d index=main sourcetype=messages|stats perc95(ok) earliest=-7d@d latest=@d index=main sourcetype=messages|timechart span=d perc95(ok)
Have you checked the percX() function for stats?
percX()
stats
http://docs.splunk.com/Documentation/Splunk/5.0.2/SearchReference/Stats http://docs.splunk.com/Documentation/Splunk/5.0.2/SearchReference/CommonStatsFunctions
your search | stats perc95(your_field) | the rest of your search
/k
