Splunk Search

How to identify the average time taken to process an item?

New Member

I am trying to create a pareto chart. I have already done that portion of the work. I have been asked to identify a number of items in a specific page range as a part of the task. I did that, but I have been asked to find a way to identify the average time taken to process the number of items. To get a better understanding to say for example I have 736 items in 3 pages.

What function would I use to identify the amount of time per item?
Hopefully, that provides a better way to see what I am getting at.
Any input would be appreciated. Thank you in advance.

This is what I have so far this is not everything but the portion of the work I was mentioning above:

| eval overallTime=elapsedTime/1000
| eval processTimePerItem=overallTime/totalItems
| streamstats sum(processTimePerItem) as processTimePerITem by pageCount 
0 Karma


how does you raw data look like?

Hope I was able to help you. If so, an upvote would be appreciated.
0 Karma

New Member

What I have in total:

assetGroup=* transId=* masterFeatureContext=* appName=deliveryrm pageCount > 2 (assetName=courier AND actionName=postJob) OR actionName=completeJob
| eval overallTime=elapsedTime/1000
| chart sum(numItems) as totalItems by pageCount
| sort - totalItems
| eventstats sum(totalItems) as total
| eval percent=round((totalItems/total)*100, 3)
| streamstats sum(percent) as percent_pareto
| streamstats sum(processTimePerItem) as processTimePerItem by pageCount
| eval processTimePerItem=overallTime/totalItems
| fields pageCount totalItems percent_pareto processTimePerPage

0 Karma