Hello Splunk Gurus,
I am trying to generate tabular data for the API requests.
Following is the query to extract below table data
The FirstComp, SecondComp and ThirdComp are fields extracted at run time from log.
index=micro host=app150*usa.com "API Timeline" |
rex field=_raw "FirstCompTime:(?<FirstComp>[^\,]+)" |
rex field=_raw "SecondCompTime:(?<SecondComp>[^\,]+)" |
rex field=_raw "ThirdCompTime:(?<ThirdComp>[^\,]+)" | table FirstComp, SecondComp, ThirdComp
| FirstComp | SecondComp | ThirdComp |
| 78 | 25 | 31 |
| 80 | 22 | 34 |
| 81 | 26 | 36 |
Now I need to calculate the 95th and 99th percentile and making sure components name appear as part of first column as shown below-
| Components | 95th percentile | 99th percentile |
| FirstComp | 77 | 79 |
| SecondComp | 23 | 24 |
| ThirdComp | 32 | 35 |
The desired output should show 99th percentile & 95th percentile by different component id.
So eventually i want to bring column headers name as part of first column's value and next two column should have respective 99th percentile & 95th percentile.
Thanks in advance for your time and help.
Tanzy
