Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why is my case command with less than or equal to operator not categorizing correctly?

lrnr01
Observer
‎03-29-2022 12:23 PM

Hi All,

I have the below line of code to categorize transactions based on the response time (duration) taken in seconds.

| eval ranges=case(Duration<=1,"less",Duration>1 and Duration<=3,"between",Duration>3,"greater")

Say i trigger a load test with 100 transactions which are  all taking between 1 to 3 Secs but surprisingly few txns say 1 to 4 txns out of 100 are NOT getting categorized in the table though their duration column has a value between 1 to 3 Secs. Can someone please let me know what is going wrong.

lrnr01_0-1648581733855.png

 

Labels (1)
Labels
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎03-29-2022 12:28 PM

Check if you're not having those values as strings. If so, you have to cast them to numbers by using tonumber().

0 Karma
Reply

lrnr01
Observer
‎03-29-2022 12:55 PM

@PickleRick , Thank you very much, that gave me a clue and i tried the below line (WORKED) and it worked.

| eval ranges=case(Duration<="1", "less", Duration>"1" AND Duration<="3", "between", Duration>"3", "greater")

INSTEAD OF (NOT WORKING)

| eval ranges=case(Duration<=1,"less",Duration>1 and Duration<=3,"between",Duration>3,"greater")

0 Karma
Reply
Get Updates on the Splunk Community!

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...

September Community Champions: A Shoutout to Our Contributors!

As we close the books on another fantastic month, we want to take a moment to celebrate the people who are the ...

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...