Re: 95 percentile

chaitu99 · ‎03-22-2013

How to check 95th percentile of a particular message (Ex: Message ok) which is coming 20 times.

Ex
03/22/2013 03:38:56.752 Message ok

which is coming 20 times.

Please tell me the same.

chaitu99 · ‎03-22-2013

Hello
My requiremet is if "message ok" will come in log file then that is successful.

i am running it 20 times, so 20 times "message ok" will come in log.
i have to check the 95th percentile of success rate.

chaitu99 · ‎03-22-2013

Hello
My requiremet is if "message ok" will come in log file then that is successful.

i am running it 20 times, so 20 times "message ok" will come in log.
i have to check the 95th percentile of success rate.

lpolo · ‎03-22-2013

You can use the perc()x(field) function. More information:

http://docs.splunk.com/Documentation/Splunk/5.0.2/SearchReference/CommonStatsFunctions

Example:
Let's say that your field OK="Message ok". Then, you could use the perc(x)(field) function as follow:

earliest=-1d@d latest=@d index=main sourcetype=messages|stats perc95(ok)

earliest=-7d@d latest=@d index=main sourcetype=messages|timechart span=d perc95(ok)

kristian_kolb · ‎03-22-2013

Have you checked the percX() function for stats?

http://docs.splunk.com/Documentation/Splunk/5.0.2/SearchReference/Stats
http://docs.splunk.com/Documentation/Splunk/5.0.2/SearchReference/CommonStatsFunctions

your search | stats perc95(your_field) | the rest of your search

/k

95 percentile

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

GA: New Data Management App in Splunk Platform

Announcing Modern Navigation: A New Era of Splunk User Experience

Join the Conversation