Splunk Observability Cloud
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk APM - Signalflow - merge data

dmoberg
Path Finder
‎03-02-2025 12:09 AM

I am getting the data extracted and published to a dashboard, but the problem is that the "Count" is published on separate rows, not merged in with the other rows. I want the count (from which the percentage is calculated) to end up as an additional column together with the Percentage, Route and Method.

This is the Signalflow I currently use:

B = data('http_requests_total', filter=filter('k8s.namespace.name', 'customer-service-pages-prd')).count()
A = data('http_requests_total', filter=filter('k8s.namespace.name', 'customer-service-pages-prd')).count(by=['route', 'method'])
Percentage=(A/B * 100)
Percentage.publish(label='Percentage')
A.publish('Count')

And this is how it looks:

dmoberg_0-1740902844941.png


Any ideas on how to merge the data so that also Count is on the same rows as the Percentage?

Labels (1)
Labels
Tags (1)
0 Karma
Reply

livehybrid
SplunkTrust
SplunkTrust
‎03-02-2025 07:26 AM

Hi @dmoberg 

Using SignalFlow you will end up with multiple rows output because when you can only publish a single field, and multiple published MTS are not grouped.

As you're using a Table output you should have the option to select a "Group By" as per the example I put together below, however it is only currently possible to Group by a single field, which might not be what you are looking for?

livehybrid_0-1740929039093.png

 

You may be able to get around this by putting together a dashboard with a table for each METHOD you are interested in, and then have the method filtered and have a single group by route. Or use a single dashboard with a filter first to select a Method and then do the same group by route.

Sorry this might not be the answer you hoped for!

Please let me know how you get on and consider adding karma to this or any other answer if it has helped.
Regards

Will

0 Karma
Reply

kiran_panchavat
SplunkTrust
SplunkTrust
‎03-02-2025 02:36 AM

@dmoberg 

The query correctly aligns Percentage, Count, route, and method on the same rows, addressing your original issue.
 
| makeresults count=10
| streamstats count AS row_number
| eval route=case(row_number=1, "*.html", row_number=2, "*.html", row_number=3, "*.css", 
row_number=4, "*.js", row_number=5, "*", row_number=6, "*.html", 
row_number=7, "*.html", row_number=8, "*.html", row_number=9, "*", row_number=10, "*"),
method=case(row_number=1, "GET", row_number=2, "HEAD", row_number=3, "GET",
row_number=4, "GET", row_number=5, "GET", row_number=6, "POST",
row_number=7, "OPTIONS", row_number=8, "POST", row_number=9, "POST", row_number=10, "GET"),
Count=case(row_number=1, 50, row_number=2, 30, row_number=3, 30, row_number=4, 30,
row_number=5, 15, row_number=6, 12, row_number=7, 10, row_number=8, 5,
row_number=9, 6, row_number=10, 6)

| eventstats sum(Count) AS Total
| eval Percentage = round((Count / Total) * 100, 2)
| table Percentage, Count, route, method
| sort - Percentage

kiran_panchavat_0-1740911644350.png

 

Did this help? If yes, please consider giving kudos, marking it as the solution, or commenting for clarification — your feedback keeps the community going!
0 Karma
Reply

dmoberg
Path Finder
‎03-02-2025 02:53 AM

Your response is a solution for Splunk Core/Search not for Signalflow in Splunk APM.

0 Karma
Reply
Get Updates on the Splunk Community!

The OpenTelemetry Certified Associate (OTCA) Exam

What’s this OTCA exam? The Linux Foundation offers the OpenTelemetry Certified Associate (OTCA) credential to ...

From Manual to Agentic: Level Up Your SOC at Cisco Live

Welcome to the Era of the Agentic SOC   Are you tired of being a manual alert responder? The security ...

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

Welcome back to Splunk Classroom Chronicles, our ongoing series where we shine a light on what really happens ...