Splunk Observability Cloud
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk APM - Signalflow - merge data

dmoberg
Path Finder
‎03-02-2025 12:09 AM

I am getting the data extracted and published to a dashboard, but the problem is that the "Count" is published on separate rows, not merged in with the other rows. I want the count (from which the percentage is calculated) to end up as an additional column together with the Percentage, Route and Method.

This is the Signalflow I currently use:

B = data('http_requests_total', filter=filter('k8s.namespace.name', 'customer-service-pages-prd')).count()
A = data('http_requests_total', filter=filter('k8s.namespace.name', 'customer-service-pages-prd')).count(by=['route', 'method'])
Percentage=(A/B * 100)
Percentage.publish(label='Percentage')
A.publish('Count')

And this is how it looks:

dmoberg_0-1740902844941.png


Any ideas on how to merge the data so that also Count is on the same rows as the Percentage?

Labels (1)
Labels
Tags (1)
0 Karma
Reply

livehybrid
Super Champion
‎03-02-2025 07:26 AM

Hi @dmoberg 

Using SignalFlow you will end up with multiple rows output because when you can only publish a single field, and multiple published MTS are not grouped.

As you're using a Table output you should have the option to select a "Group By" as per the example I put together below, however it is only currently possible to Group by a single field, which might not be what you are looking for?

livehybrid_0-1740929039093.png

 

You may be able to get around this by putting together a dashboard with a table for each METHOD you are interested in, and then have the method filtered and have a single group by route. Or use a single dashboard with a filter first to select a Method and then do the same group by route.

Sorry this might not be the answer you hoped for!

Please let me know how you get on and consider adding karma to this or any other answer if it has helped.
Regards

Will

0 Karma
Reply

kiran_panchavat
Influencer
‎03-02-2025 02:36 AM

@dmoberg 

The query correctly aligns Percentage, Count, route, and method on the same rows, addressing your original issue.
 
| makeresults count=10
| streamstats count AS row_number
| eval route=case(row_number=1, "*.html", row_number=2, "*.html", row_number=3, "*.css", 
row_number=4, "*.js", row_number=5, "*", row_number=6, "*.html", 
row_number=7, "*.html", row_number=8, "*.html", row_number=9, "*", row_number=10, "*"),
method=case(row_number=1, "GET", row_number=2, "HEAD", row_number=3, "GET",
row_number=4, "GET", row_number=5, "GET", row_number=6, "POST",
row_number=7, "OPTIONS", row_number=8, "POST", row_number=9, "POST", row_number=10, "GET"),
Count=case(row_number=1, 50, row_number=2, 30, row_number=3, 30, row_number=4, 30,
row_number=5, 15, row_number=6, 12, row_number=7, 10, row_number=8, 5,
row_number=9, 6, row_number=10, 6)

| eventstats sum(Count) AS Total
| eval Percentage = round((Count / Total) * 100, 2)
| table Percentage, Count, route, method
| sort - Percentage

kiran_panchavat_0-1740911644350.png

 

Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!
0 Karma
Reply

dmoberg
Path Finder
‎03-02-2025 02:53 AM

Your response is a solution for Splunk Core/Search not for Signalflow in Splunk APM.

0 Karma
Reply
Get Updates on the Splunk Community!

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

A Prelude to .conf25: Your Guide to Splunk University

Heading to Boston this September for .conf25? Get a jumpstart by arriving a few days early for Splunk ...

4 Ways the Splunk Community Helps You Prepare for .conf25

.conf25 is right around the corner, and whether you’re a first-time attendee or a seasoned Splunker, the ...