Calculate average response time when number of trx > x within last y hours

JYTTEJ
Communicator

I need to calculate average response time (ELT) by service (SVC) if number of trx by service is >5 within the last 4 hours.

The following search results in a list of services where number of trx > 5 during the last 4 hours:

SEARCH earliest=-4h| STATS COUNT BY SVC | where COUNT>5

I now want to calculate AVG(ELT) for these services - but adding:

| timechart AVG(ELT) BY SVC

gives 0 results!

What do I do wrong?

0 Karma
1 Solution

gkanapathy
Splunk Employee

search earliest=-4h | stats count,avg(elt) by svc | where count > 5

0 Karma

ziegfried
Influencer
earliest=-4h | stats count,avg(elt) as avg_elt by svc | where count>5 AND avg_elt>0.05
0 Karma

JYTTEJ
Communicator

Thank you! Now I only want to see those svc where AVG(ELT) is greater than e.g. 0.05 - how do I do that?

0 Karma
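
An added example, not posted by anyone in this thread: `stats` replaces the events with one row per SVC that carries only the aggregated fields, so a following `timechart` has no `_time` or `ELT` left to chart, which is why the original attempt returned 0 results. Using `eventstats` instead attaches the per-service count and average to every event, so the filter can be applied and the events still reach `timechart`. The `index=main sourcetype=trx_log` base search is a hypothetical placeholder, and the field names `SVC` and `ELT` are taken from the question (field names are case-sensitive).

```spl
index=main sourcetype=trx_log earliest=-4h
| eventstats count AS trx_count, avg(ELT) AS avg_elt BY SVC
| where trx_count > 5 AND avg_elt > 0.05
| timechart avg(ELT) BY SVC
```

Drop the `avg_elt > 0.05` condition to chart every service with more than 5 transactions in the window.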