Hi Splunkers,

I am looking to display the data

Product 1
Seconds                    Cumulative response %           running average            Volume of transactions
<4.5 seconds
<5.5 seconds
<7.5 seconds
<25 seconds
>=30 seconds           100

Based on the below post i actually wrote the same thing and it works till 10 sec but not the same way as listed

https://community.splunk.com/t5/Splunk-Search/Grouping-by-numeric-range/m-p/27498

My query looks like

.....Search Query..... | eval frontEndLatency=frontEndLatency/1000 | sort 0 frontEndLatency | eventstats count as total | eval in_range=round(case(frontEndLatency<30, floor(2*frontEndLatency)/2+.5, frontEndLatency<10, ceil(frontEndLatency), frontEndLatency>=30,30.0),1)
| streamstats count as cnt avg(frontEndLatency) as run_avg
| stats first(total) as total last(run_avg) as run_avg max(cnt) as count count as cnt by in_range,product
| sort 0 in_range | eval range=if(frontEndLatency>=30, ">= 30.0 sec","< "+tostring(in_range)+" sec")
| eval pct=round(count/total*100,1)
| eval run_avg=round(run_avg,1)
| rename cnt as "Volume of Transactions" pct as "**bleep**. response %" run_avg as "Running Avg" | dedup range
| table range "**bleep**. response %" "Running Avg" "Volume of Transactions" | where range ="< 4.5 sec" OR range ="< 5.5 sec" OR range ="< 7.5 sec" OR range ="< 25.0 sec" OR range="< 30.0 sec"

It gives me the output as

range **bleep**. response % Running Avg Volume of Transactions
< 4.5 sec 4.7 1.3 2
< 5.5 sec 7.3 1.7 10
< 7.5 sec 26.5 2.8 21

But it does not gives the same table and thus i tried changing 

floor(4*frontEndLatency)/2+.5

or floor(8*frontEndLatency)/2+.5 and it gives me the table but wrong figures.

Kindly advise as I am unable to understand what exactly is happening here? Also I tried rangemap but its not working.

Thanks,

Amit