Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Response time or Latency comparison for API's against different time period

amarmnrao
New Member
‎05-10-2022 12:35 PM

Hi - I want to list API's and its latencies / response times and want to compare the latencies in a table like below,

Explanation : The test is executed for 1 hour and each ramp is 15 min (1X to 4X) 

API 1X Load response time avg or p95 2X Load response time avg or p95 3X Load response time avg or p95 4X Load response time avg or p95
API1        
API2        

 

Current Query :

host=somehost sourcetype=somesourcetype endpoint=* latency=* received | search *SOMESTRING* |timechart p95(latency) span=15m by endpoint |foreach *[|eval "<<FIELD.."=ROUND('<<FIELD>>',0)]

this query works fine without any issue and its displaying results like this but results are not accurate as the response time of 2022-05-09 00:00:00 & 2022-05-09 00:15:00 overlap and this becomes 1X data. how can i exactly separate 1X to 4X if i have executed a test from 2022-05-09 13:00:00 - 14:00:00 PM 

_time  API1  API2 API3
2022-05-09 00:00:00      
2022-05-09 00:15:00      
2022-05-09 00:30:00      
2022-05-09 00:45:00      
Labels (1)
Labels
Tags (1)
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎05-10-2022 09:58 PM

Please explain what you mean by response times overlapping and separating into 1x to 4x

0 Karma
Reply

amarmnrao
New Member
‎05-11-2022 02:21 PM

HI Sorry - if am not explaining correctly, Consider I am running a test from 1:12 PM to 2:14 PM. this test will have a data points of 1X load test 2X, 3X ad 4X which is 15 mins duration. so now my requirement is I have to list the API latency for 1X duration and then list the latency of 2X duration and so on until 4X.

But with the current query the issue am facing is that, Splunk will span the time into 15mins so its kind of rounding off the time like if I run the a test from 1:12 to 2:14 and give a span of 15m its will split the 1 hour as like this 1:10 - 1:25 - as 1X load. In this period we can loose 2 minutes data and it will show up in 2X load timespan. but we want to filter from 1:12 - 1:27 - as 1X and 1:28 - 1:43 as 2X and so on in a columnar format 

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎05-11-2022 09:17 PM

Have I understood correctly - your tests create events at four points called 1X, 2X, 3X and 4X, they could be called alpha, beta, gamma, and delta, they are just names.

Each event has a duration and the event is produced at the end of each stage of the test.

Please correct me if I am wrong

Perhaps you could provide some sample events (anonymised but representative)?

0 Karma
Reply
Get Updates on the Splunk Community!

Buttercup Games Tutorial Extension - part 9

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Buttercup Games Tutorial Extension - part 8

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Introducing the Splunk Developer Program!

Hey Splunk community! We are excited to announce that Splunk is launching the Splunk Developer Program in ...
Top