Solved: How to create a table on windowed count of api res...

anonym3421 · ‎03-23-2022

I have some api response logs separated by pipe. However there is already field extraction on api response time. the field value is something like "100 ms". I want to create a table on windowed count of api response time.

The final table I want to create is some thing like

responseTime count

5 ms. {count where responseTime <= 5ms}

10 ms {count where responseTime <= 10ms but >5ms}

I can create a simple count table by " base search | stats count by responseTime" which results like

responseTime count

1 ms 100

2 ms 30

How can I create this windowed stats?

ITWhisperer · ‎03-23-2022

Assuming responseTime is already measured in milliseconds:

base search 
| bin responseTime span=5s
| stats count by responseTime

The s is important otherwise you get a range of values.

View solution in original post

ITWhisperer · ‎03-23-2022

Assuming responseTime is already measured in milliseconds:

base search 
| bin responseTime span=5s
| stats count by responseTime

The s is important otherwise you get a range of values.

How to create a table on windowed count of api response time?

stats

table

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!