Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Calculate the average of 99th percentile
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
shashank_24
Path Finder
01-24-2021
03:43 PM
Hi, I am working on a query where I need to calculate the average of 99th percentile values over a 5 minute period of time for last 24 hours by serviceName. serviceName is nothing but the web service called by consumer and i am looking to have the response time of some services.
Below is my query -
index=myapp_prod sourcetype=service_log serviceName=service1 OR serviceName=service2 OR serviceName=service3
| eval responseTime= responseTime/1000000
| timechart span=5m p99(responseTime) as 99thPercentile by serviceName useother=falsewhich gives a table like this -
| _time | service1 | service2 | service3 |
| 00:05 | 1.2 | 0.8 | 2.4 |
| 00:10 | 1.7 | 0.34 | 2.8 |
| 00:15 | 1.5 | 1.2 | 3.4 |
What i want is calculate the average of these and put it in another table. Something like this -
| serviceName | responseTime |
| service1 | 1.37 |
| service2 | 0.4 |
| service3 | 2.1 |
Hope someone can help.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
renjith_nair
Legend
01-24-2021
08:01 PM
Try
index=myapp_prod sourcetype=service_log serviceName=service1 OR serviceName=service2 OR serviceName=service3
| eval responseTime= responseTime/1000000
| timechart span=5m p99(responseTime) as 99thPercentile by serviceName useother=false
| untable _time,service,responseTime
| stats avg(responseTime) as responseTime by service
---
What goes around comes around. If it helps, hit it with Karma 🙂
What goes around comes around. If it helps, hit it with Karma 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
renjith_nair
Legend
01-24-2021
08:01 PM
Try
index=myapp_prod sourcetype=service_log serviceName=service1 OR serviceName=service2 OR serviceName=service3
| eval responseTime= responseTime/1000000
| timechart span=5m p99(responseTime) as 99thPercentile by serviceName useother=false
| untable _time,service,responseTime
| stats avg(responseTime) as responseTime by service
---
What goes around comes around. If it helps, hit it with Karma 🙂
What goes around comes around. If it helps, hit it with Karma 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
shashank_24
Path Finder
01-27-2021
10:19 AM
Perfect It worked like charm. Thanks @renjith_nair
Get Updates on the Splunk Community!
Detecting Brute Force Account Takeover Fraud with Splunk
This article is the second in a three-part series exploring advanced fraud detection techniques using Splunk. ...
Buttercup Games: Further Dashboarding Techniques (Part 9)
This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
Buttercup Games: Further Dashboarding Techniques (Part 8)
This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...
