Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

How to get a percentage calculation ?

zacksoft
Contributor
‎04-06-2020 10:14 AM

I am writing a query which is going to a scheduled report. I have 3 servers/hosts (serv1, serv2, serv3) whose average response time i am calculating like this,

timechart span=1d eval(round(avg(req_time_seconds),2)) as avgresponse_time by host

I am looking for an output that should do a comparison of serv1 with other two and give me a result like below,

Serv1's avg_resp_time is 20 % higher than Serv2
Serv1's avg_resp_time is 10 % higher than Serv3

something like this.. I don't want an absolute value but a percent value and how much it is higher than Serv1.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

to4kawa
Ultra Champion
‎04-07-2020 02:55 AM 
....
| timechart span=1d eval(round(avg(req_time_seconds),2)) as avgresponse_time by host
| eval result1="Serv1's avg_resp_time is ".case(serv1>serv2,(round(serv1/serv2*100))."% higher than Serv2", serv1<serv2,(round(serv2/serv1*100))."% lower than Serv2", true(), "same with Serv2")
| eval result2="Serv1's avg_resp_time is ".case(serv1>serv3,(round(serv1/serv3*100))."% higher than Serv3", serv1<serv3,(round(serv3/serv1*100))."% lower than Serv3", true(), "same with Serv3")

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

to4kawa
Ultra Champion
‎04-07-2020 02:55 AM 
....
| timechart span=1d eval(round(avg(req_time_seconds),2)) as avgresponse_time by host
| eval result1="Serv1's avg_resp_time is ".case(serv1>serv2,(round(serv1/serv2*100))."% higher than Serv2", serv1<serv2,(round(serv2/serv1*100))."% lower than Serv2", true(), "same with Serv2")
| eval result2="Serv1's avg_resp_time is ".case(serv1>serv3,(round(serv1/serv3*100))."% higher than Serv3", serv1<serv3,(round(serv3/serv1*100))."% lower than Serv3", true(), "same with Serv3")
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...