Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to get a percentage calculation ?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
zacksoft
Contributor
04-06-2020
10:14 AM
I am writing a query which is going to a scheduled report. I have 3 servers/hosts (serv1, serv2, serv3) whose average response time i am calculating like this,
timechart span=1d eval(round(avg(req_time_seconds),2)) as avgresponse_time by host
I am looking for an output that should do a comparison of serv1 with other two and give me a result like below,
Serv1's avg_resp_time is 20 % higher than Serv2
Serv1's avg_resp_time is 10 % higher than Serv3
something like this.. I don't want an absolute value but a percent value and how much it is higher than Serv1.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
to4kawa
Ultra Champion
04-07-2020
02:55 AM
....
| timechart span=1d eval(round(avg(req_time_seconds),2)) as avgresponse_time by host
| eval result1="Serv1's avg_resp_time is ".case(serv1>serv2,(round(serv1/serv2*100))."% higher than Serv2", serv1<serv2,(round(serv2/serv1*100))."% lower than Serv2", true(), "same with Serv2")
| eval result2="Serv1's avg_resp_time is ".case(serv1>serv3,(round(serv1/serv3*100))."% higher than Serv3", serv1<serv3,(round(serv3/serv1*100))."% lower than Serv3", true(), "same with Serv3")
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
to4kawa
Ultra Champion
04-07-2020
02:55 AM
....
| timechart span=1d eval(round(avg(req_time_seconds),2)) as avgresponse_time by host
| eval result1="Serv1's avg_resp_time is ".case(serv1>serv2,(round(serv1/serv2*100))."% higher than Serv2", serv1<serv2,(round(serv2/serv1*100))."% lower than Serv2", true(), "same with Serv2")
| eval result2="Serv1's avg_resp_time is ".case(serv1>serv3,(round(serv1/serv3*100))."% higher than Serv3", serv1<serv3,(round(serv3/serv1*100))."% lower than Serv3", true(), "same with Serv3")
Get Updates on the Splunk Community!
Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps
It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...
What’s New in Splunk Observability – September 2025
What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...
Fun with Regular Expression - multiples of nine
Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...
