Splunk Search

How to get the count of events which are in between a range in one query?

chandrasekharko
Path Finder

I need to get the count of events which are in between a range in one query. Ex: number of calls which took 10-20 seconds, 20-30 seconds, 30-60 seconds, 60-90 seconds, >90 seconds.

0 Karma

493669
Super Champion

Try this run-anywhere search:

| makeresults | eval number=30
| append [| makeresults | eval number=10]
| append [| makeresults | eval number=12]
| rangemap field=number low=10-20 elevated=21-30 medium=31-50 default=severe
| stats count by range

Similarly, you can set duration in rangemap and find its statistical count.

0 Karma
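
An added example, not part of the original thread: the same count done with eval case() on the ranges from the question, using half-open intervals so a boundary or fractional value such as 20 or 20.5 lands in exactly one bucket. The field name duration (in seconds), the bucket labels, the choice to put exactly 90 in the top bucket, and the eight sample values are assumptions constructed for illustration.

```spl
| makeresults count=8
| streamstats count AS n
| eval duration=case(n=1, 12.4, n=2, 20, n=3, 20.5, n=4, 45,
                     n=5, 60, n=6, 89.9, n=7, 90, n=8, 130)
| eval range=case(
    duration>=10 AND duration<20, "10-20",
    duration>=20 AND duration<30, "20-30",
    duration>=30 AND duration<60, "30-60",
    duration>=60 AND duration<90, "60-90",
    duration>=90, ">=90",
    true(), "<10")
| stats count BY range
```

To run it on real events, replace the first three lines with the base search that produces the duration field.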