Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to get average response time (95%,99% and 100%)

Isaias_Garcia
Path Finder
‎08-18-2014 06:39 PM

I have the below data (response time) and I need to filter it from fastest to slowest response time and then get the following: Average Response Time (95%), Average Response Time(99%) and Average Response Time(100% ). What would be the right search query on this? I tried some suggestions here but cant get the right solutions.Please help.Thank you

Response_Time
0.625
2.133
2.773
5.191
2.471
2.124
2.066
0.795
1.239
2.958
6.197
2.582
0.779
1.63
2.029
2.653
0.98
2.975
6.814
6.661
0.963
2.064
0.966
1.56

Reply

vkari
New Member
‎01-27-2019 08:41 PM

index=myindex1
eventName=5000 --->have b(starting time and ending time ) and reference id
eventName=5001 --->have (starting time and ending time ) and reference id

here my condition if both event names - reference id are same then,
event 5000 stating time and event 5001 ending time and total duration of time and average time I need to show in dashboards
can you please provide query

0 Karma
Reply

Priya312
Explorer
‎02-25-2015 09:27 PM

Hi,

I'm also trying to get the best95, best96, best97, best98 and best99 stats for the response time avgs. Any luck on this?

0 Karma
Reply

AdsicSplunk
New Member
‎02-28-2018 01:45 AM

Hi @Isaias.Garcia,

Did you get any solution for your question? I am also having the same trouble. Could you please advise on this?

0 Karma
Reply

bwooden
Splunk Employee
Splunk Employee
‎08-18-2014 07:59 PM

Are you referring to the 95th percentile when you say average 95%?

If so, you can use the stats command's perc function (which may be abbreviated as p) along with average (avg), min and max functions. NB: All stats functions are listed here along with their description and usage notes: http://docs.splunk.com/Documentation/Splunk/6.1.3/SearchReference/CommonStatsFunctions

Putting them all together, you would end up with something like this (where ... represents your base search):

... | stats min(Response_Time) as RT_fastest max(Response_Time) as RT_slowest p95(Response_Time) as RT_p95 p99(Response_Time) as RT_p99 avg(Response_Time) as RT_avg
Reply

vijaysubramania
Path Finder
‎06-22-2020 11:05 AM

Thanks. I am able to get that in milliseconds but I want to convert the response time to Percent as well for reporting and compare it with earlier week, How to achieve that?

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...

Splunk and Fraud

Watch Now!Watch an insightful webinar where we delve into the innovative approaches to solving fraud using the ...