Splunk Search

Response time or Latency comparison for APIs against different time periods

amarmnrao
New Member

Hi - I want to list APIs and their latencies / response times and compare the latencies in a table like below:

Explanation: The test is executed for 1 hour and each ramp is 15 min (1X to 4X).

| API | 1X Load response time avg or p95 | 2X Load response time avg or p95 | 3X Load response time avg or p95 | 4X Load response time avg or p95 |
| API1 | | | | |
| API2 | | | | |

 

Current Query :

host=somehost sourcetype=somesourcetype endpoint=* latency=* received | search *SOMESTRING* | timechart p95(latency) span=15m by endpoint | foreach * [|eval "<<FIELD>>"=ROUND('<<FIELD>>',0)]

This query works fine without any issue and it's displaying results like this, but the results are not accurate, as the response times of 2022-05-09 00:00:00 & 2022-05-09 00:15:00 overlap and this becomes 1X data. How can I exactly separate 1X to 4X if I have executed a test from 2022-05-09 13:00:00 - 14:00:00 PM?

| _time | API1 | API2 | API3 |
| 2022-05-09 00:00:00 | | | |
| 2022-05-09 00:15:00 | | | |
| 2022-05-09 00:30:00 | | | |
| 2022-05-09 00:45:00 | | | |
0 Karma

ITWhisperer
SplunkTrust

Please explain what you mean by response times overlapping and separating into 1x to 4x

0 Karma

amarmnrao
New Member

Hi, sorry if I am not explaining correctly. Consider I am running a test from 1:12 PM to 2:14 PM. This test will have data points of 1X load test, 2X, 3X and 4X, which is 15 mins duration. So now my requirement is I have to list the API latency for the 1X duration and then list the latency of the 2X duration and so on until 4X.

But with the current query the issue I am facing is that Splunk will span the time into 15 mins, so it's kind of rounding off the time. If I run a test from 1:12 to 2:14 and give a span of 15m, it will split the 1 hour like this: 1:10 - 1:25 as 1X load. In this period we can lose 2 minutes of data and it will show up in the 2X load timespan. But we want to filter from 1:12 - 1:27 as 1X and 1:28 - 1:43 as 2X and so on in a columnar format.

0 Karma

ITWhisperer
SplunkTrust

Have I understood correctly - your tests create events at four points called 1X, 2X, 3X and 4X, they could be called alpha, beta, gamma, and delta, they are just names.

Each event has a duration and the event is produced at the end of each stage of the test.

Please correct me if I am wrong

Perhaps you could provide some sample events (anonymised but representative)?

0 Karma
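
An added example, not part of the original thread or any participant's reply: one way to bucket events into 15-minute ramps counted from the test's own start instead of the clock-aligned boundaries that `span=15m` produces. It assumes the test window is given as the search time range (here the 13:00:00 to 14:00:00 run on 2022-05-09 from the question); the `ramp` field and the `p95_1X` to `p95_4X` column names are made up for this example.

```spl
host=somehost sourcetype=somesourcetype endpoint=* latency=* received earliest="05/09/2022:13:00:00" latest="05/09/2022:14:00:00"
| search *SOMESTRING*
| addinfo
| eval ramp=floor((_time - info_min_time) / 900) + 1
| where ramp>=1 AND ramp<=4
| eval ramp="p95_".ramp."X"
| chart p95(latency) over endpoint by ramp
| foreach p95_* [eval <<FIELD>>=round('<<FIELD>>', 0)]
```

`addinfo` exposes the search's earliest time as `info_min_time`, so each event's ramp number is its offset from the test start divided into 900-second blocks. For a run that starts at an odd minute such as 1:12 PM, set `earliest` to that exact start time and the ramp boundaries follow it.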