Multiple average time calculations in a single sea...

angersleek · ‎05-22-2018

This is my log format.

{
    servicename: ServiceOne
    end.timestamp: 20000
    start.timestamp: 19920
}

{
    servicename: ServiceTwo
    end.timestamp: 30000
    start.timestamp: 29520
}

{
    servicename: ServiceOne
    end.timestamp: 59800
    start.timestamp: 59220
}

I am trying to calculate the average time taken for each service and display it in a trellis Layout on my Dashboard.

For example as follows:

ServiceOne(milliSecond) ServiceTwo(milliSecond) ServiceThree(milliSecond) 

200                     320                     455

I am able to capture the data, subtract the time to get the duration for each time the service is called and get its average to display it for one service. Is there a way I could do this for all my services (there are 8 of them) in a single search to display it in a single Trellis layout as shown in the above example? Thanks.

This is what I have done which works for a single service.

servicename=Service* | Convert num(end.timestamp) as end_time | Convert num(start.timestamp) as start_time | eval time_taken=(end_time - start_time) | eval AllServicesDurationField=toString(time_taken) | chart avg(AllServicesDurationField) as "All Services"

somesoni2 · ‎05-22-2018

Just add by servicename at the end of your chart command.

Multiple average time calculations in a single search for Trellis Display

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Are you a member of the Splunk Community?

Multiple average time calculations in a single search for Trellis Display

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability