Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to compare/graph two searches?

Pip9ball
Explorer
‎03-14-2023 04:01 PM

Hello All -

I need to be able to compare/graph regression test results from two different models.  The search command to create a table for one of the searches is:

index="frontEnd" source="regress_rpt" pipeline="my_pipe" version="23ww10b" dut="*"  (testlist="*") (testName="*") status="*" | table cyclesPerCpuSec wall_hz testPath rpt

This returns a table with 6 rows (As there are 6 tests per version).

Is there a way to compare the cyclesPerCpuSec of this search to a new search which has a different version?

I.e.

index="frontEnd" source="regress_rpt" pipeline="my_pipe" version="23ww10a" dut="*"  (testlist="*") (testName="*") status="*" | table cyclesPerCpuSec wall_hz testPath rpt

Thanks,

Pip

 

Labels (5)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

yeahnah
Motivator
‎03-15-2023 05:01 PM

Hi @Pip9ball 

Yes, the best way would be to transpose the output (switch columns and rows) and then diff the versions.  here's a run anywhere example using your result table example

| makeresults
| eval _raw="version test1 test2 test3 test4 test5
23ww10a 890.76 616.56 877.73 884.68 936.69
23ww10b 631.68 1400.73 659.00 741.34 742.44"
| multikv forceheader=1
| table version test*
``` ignore above - just creating dummy events ```
``` add the bit below to your search results ``` 
| transpose header_field=version column_name=test_run
| eval cycles_version_delta=('23ww10b' - '23ww10a')
,diff_percentage=round('cycles_version_delta'/'23ww10a' * 100, 1)
,status=if(diff_percentage < 10, "PASS", "FAIL")

yeahnah_0-1678924961428.png


If this answers your question, then please mark this with solution provided 

View solution in original post

Reply
Solved! Jump to solution

yeahnah
Motivator
‎03-14-2023 04:15 PM

Hi @Pip9ball 

Give this a go...

index="frontEnd" source="regress_rpt" pipeline="my_pipe" version IN("23ww10a", "23ww10b") dut="*"  (testlist="*") (testName="*") status="*" 
| timechart max(cyclesPerCpuSec) AS cyclesPerCpuSec BY version

 

Hope it helps

0 Karma
Reply
Solved! Jump to solution

Pip9ball
Explorer
‎03-14-2023 04:37 PM

Thanks for the quick reply.

 

This appears to be partially working.  I'm only getting results for one of the tests.

Pip9ball_3-1678837049333.png

 

 

Whereas my original search to generate the table is showing much more.

Pip9ball_2-1678836987312.png

Sorry for marking it up so much, but there is some stuff I can't share.  Basically it should be comparing cyclesPerCpuSec on the same testPath name across the two version.  Perhaps it's because the fullpath in the testPath is non-unique?  

Is there a way to just extract and compare just the last element of the testPath?  This way the names will be the same.

Thanks!

 

 

 

 

 

 

0 Karma
Reply
Solved! Jump to solution

yeahnah
Motivator
‎03-14-2023 06:36 PM

Hi @Pip9ball 

Yeah, you can strip the the last element out and use that to group over time 

index="frontEnd" source="regress_rpt" pipeline="my_pipe" version IN("23ww10a", "23ww10b") dut="*"  (testlist="*") (testName="*") status="*" 
| eval lastTestPathElement=replace(testPath, ".*/" ,"")
| eval grouping=version.":".lastTestPathElement
| timechart
     max(cyclesPerCpuSec) AS max:cyclesPerCpuSec
     avg(cyclesPerCpuSec) AS avg:cyclesPerCpuSec
  BY grouping

 
OR, if not interested in over time graph you can just chart the results

index="frontEnd" source="regress_rpt" pipeline="my_pipe" version IN("23ww10a", "23ww10b") dut="*"  (testlist="*") (testName="*") status="*" 
| eval lastTestPathElement=replace(testPath, ".*/" ,"")
| chart
     max(cyclesPerCpuSec) AS max:cyclesPerCpuSec
     avg(cyclesPerCpuSec) AS avg:cyclesPerCpuSec
  BY version lastTestPathElement

 

Reply
Solved! Jump to solution

Pip9ball
Explorer
‎03-15-2023 09:30 AM

@yeahnah - Thank you so much!

Is it possible to now perform some calculations on the results? 

The result of the search produces a table like:

versiontest1test2test3test4test5
23ww10a890.76616.56877.73884.68936.69
23ww10b631.681400.73659.00741.34742.44
      

 

What I'm trying to do is generate an alert if the test cyclesPerCpuSec increases by 10% from the latest version to the previous.

So is there a way to iterate over the table and do a comparison?

Thanks for all your help, Splunk is rather new to me 🙂

-Phil

0 Karma
Reply
Solved! Jump to solution
Solution

yeahnah
Motivator
‎03-15-2023 05:01 PM

Hi @Pip9ball 

Yes, the best way would be to transpose the output (switch columns and rows) and then diff the versions.  here's a run anywhere example using your result table example

| makeresults
| eval _raw="version test1 test2 test3 test4 test5
23ww10a 890.76 616.56 877.73 884.68 936.69
23ww10b 631.68 1400.73 659.00 741.34 742.44"
| multikv forceheader=1
| table version test*
``` ignore above - just creating dummy events ```
``` add the bit below to your search results ``` 
| transpose header_field=version column_name=test_run
| eval cycles_version_delta=('23ww10b' - '23ww10a')
,diff_percentage=round('cycles_version_delta'/'23ww10a' * 100, 1)
,status=if(diff_percentage < 10, "PASS", "FAIL")

yeahnah_0-1678924961428.png


If this answers your question, then please mark this with solution provided 

Reply
Solved! Jump to solution

Pip9ball
Explorer
‎03-16-2023 08:45 AM

@yeahnah - Thanks again for your help!  

0 Karma
Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...