Splunk Search
Highlighted

How to generate a search to chart an average response time against a count of responses per minute?

Explorer

Hi guys

I'm trying to figure out how to generate a search to get the following graph:

x-axis - Number of responses per minute
y-axis - Response time

Essentially it's a throughput graph to show how the more responses the site gets per minute the longer the average response time is. My dataset has a response_time field within each event so no need to calculate that, but i'm struggling to figure out how to calculate an aggregated number of responses per minute and graph that against the average response time as the chart doesn't need to have a timeline axis. Any help appreciated!

0 Karma
Highlighted

Re: How to generate a search to chart an average response time against a count of responses per minute?

SplunkTrust
SplunkTrust

You want to chart avg no of responses per min (for selected time range) for each distinct value of response_time?

0 Karma
Highlighted

Re: How to generate a search to chart an average response time against a count of responses per minute?

Explorer

Response time for each distinct value of avg no of responses per minute (for selected time range) - so yes but displayed other way round?

EDIT: I may have just cracked it and found out it was easier than expected - using timechart span=1m count, avg(responsetime) as avgresponse_time i get the right data on the right axes - but i was initially concerned about making sure that the time wasn't on the x-axis... looks like that's not an issue

0 Karma
Highlighted

Re: How to generate a search to chart an average response time against a count of responses per minute?

SplunkTrust
SplunkTrust

That looks right. Please post the code as an answer to your own question and accept the answer.

0 Karma
Highlighted

Re: How to generate a search to chart an average response time against a count of responses per minute?

Explorer

Ok, looks like i found the answer myself - it's as simple as:


timechart span=1m count, avg(responsetime) as avgresponse_time

Thanks me!

View solution in original post

0 Karma