Hi,
We are looking for a splunk query using which we have to create a dashboard to show average and maximum TPS for all the services get triggered during the given time frame.
First we need to calculate the TPS for all the services second wise and then from that data set we have to calculate Max, Min and Avg TPS.
for example-
for service1 and service2 we have below TPS value second wise (there is no field called TPS, we have to calculate it first)-
Time--------Service1 - Service2
0:00:01 -------10-----------15
0:00:02 -------12-----------18
0:00:03 -------14-----------12
0:00:04 -------8-----------10
Then our table should be looking like this-
Service Name ------------ Max TPS ----------- Min TPS -------- Avg TPS
Service1 -------------------- 14 ----------- 8 ---------- 11
Service2 -------------------- 18 ----------- 10 ------------ 13.75
We have used below query which is giving only second wise TPS for each service but not able to apply min, max, avg on that-
** Search string | timechart count by host span=1s**
Looking for your support.
Thanks,
Sourav
Once again... 🙂
index=whatever yoursearchterms
| bin _time span=1s
| stats count AS TPS by _time service
| stats max(TPS) AS "NaxTPS" min(TPS) AS "MinTPS" avg(TPS) AS "AVG TPS" by service
Try this. 🙂
Hope that helps - if it does I'd be happy if you would upvote/accept this answer, so others could profit from it. 🙂
Once again... 🙂
index=whatever yoursearchterms
| bin _time span=1s
| stats count AS TPS by _time service
| stats max(TPS) AS "NaxTPS" min(TPS) AS "MinTPS" avg(TPS) AS "AVG TPS" by service
Try this. 🙂
Hope that helps - if it does I'd be happy if you would upvote/accept this answer, so others could profit from it. 🙂
Hello,
I am trying to get the following results in the table using following query however query seems to be not working correctly can someone please guide on this ?
RESULTS Expected :
Consumer MaxTPS MinTPS AvgTPS peakTime
TEST1 123 60 45 11/09/22 09:47:08
Query :
index=whatever yoursearchterms
| bin _time span=1s
| stats count AS TPS by _time service
| eventstats max(TPS) as peakTPS
| eval peakTime=if(peakTPS==TPS,_time,null())
| stats max(TPS) AS "MaxTPS" min(TPS) AS "MinTPS" avg(TPS) AS "AvgTPS" first(peakTime) as peakTime by service AS Consumer
| fieldformat peakTime=strftime(peakTime,"%x %X")
| table Consumer MaxTPS MinTPS AvgTPS peakTime
How to get same values for every one hour in last 24 hours time frame?
Hi, I have already tried this but it is showing no result found
Sorry, please try again, I updated my answer.
Could you please confirm what is the updated query ?
I am using below query. No result found. Please suggest
index=whatever yoursearchterms
| bin _time span=1s
| stats count AS TPS by _time service
| stats max(TPS) AS "NaxTPS" min(TPS) AS "MinTPS" avg(TPS) AS "AVG TPS" by service
Now it is giving the exact result what I was looking for. Thank you very much. Can you please let me know how I can change the average value upto 2 decimal place.
| eval "AVG TPS"=round("AVG TPS", 2)