Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Search Help- Not sure how to Title
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Substance82
Path Finder
08-23-2024
10:12 AM
I'm trying to achieve the following output using the table command, but am hitting a snag.
| Vision ID | Transactions | Good | % Good | Fair | % Fair | Unacceptable | % Unacceptable | Average Response Time | Report Date |
| ABC STORE (ABCD) | 159666494 | 159564563 | 99.9361601 | 101413 | 0.063515518 | 518 | 0.000324426 | 0.103864001 | Jul-24 |
| Total | 159666494 | 159564563 | 99.9361601 | 101413 | 0.063515518 | 518 | 0.000324426 | 0.103864001 | Jul-24 |
| Thresholds | response <= 1s | 1s < response <= 3s | 3s < response |
Here is my broken query:
index=etims_na
sourcetype=etims_prod
platformId=5
bank_fiid = ABCD
| eval response_time=round(if(strftime(_time,"%Z") == "EDT",((j_timestamp-entry_timestamp)-14400000000)/1000000,((j_timestamp-entry_timestamp)-14400000000)/1000000-3600),3)
| stats count AS Total count(eval(response_time<=1)) AS "Good" count(eval(response_time<=2)) AS "Fair" count(eval(response_time>2)) AS "Unacceptable" avg(response_time) AS "Average" BY Vision_ID
| eval %Good= round((Good/total)*100,2), %Fair = round((Fair/total)*100,2), %Unacceptable = round((Unacceptable/total)*100,2)
| addinfo
| eval "Report Date"=strftime(info_min_time, "%m/%Y")
| table "Vision_ID", "Transactions", "Good", "%Good" "Fair", "%Fair", "Unacceptable", "%Unacceptable", "Average", "Report Date"The help is always appreciated. Thanks!
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Substance82
Path Finder
08-23-2024
11:09 AM
Read my notes and kept trying until I got it!
index=etims_na
sourcetype=etims_prod
platformId=5
bank_fiid=COST
| eval response_time=round(if(strftime(_time,"%Z") == "EDT",((j_timestamp-entry_timestamp)-14400000000)/1000000,((j_timestamp-entry_timestamp)-14400000000)/1000000-3600),3)
| stats count AS Transactions count(eval(response_time <= 1)) AS "Good" count(eval(response_time <= 2)) AS "Fair" count(eval(response_time > 2)) AS "Unacceptable" avg(response_time) AS "Average" BY bank_fiid
| eval "%Good"=(Good/Transactions)*100
| eval "%Fair"=(Fair/Transactions)*100
| eval "%Unacceptable"=(Unacceptable/Transactions)*100
| addinfo
| eval "Report Date"=strftime(info_min_time, "%m/%Y")
| table bank_fiid, "Transactions", "Good", "%Good" "Fair", "%Fair", "Unacceptable", "%Unacceptable", "Average", "Report Date"
| rename bank_fid as "Vision ID"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Substance82
Path Finder
08-23-2024
11:09 AM
Read my notes and kept trying until I got it!
index=etims_na
sourcetype=etims_prod
platformId=5
bank_fiid=COST
| eval response_time=round(if(strftime(_time,"%Z") == "EDT",((j_timestamp-entry_timestamp)-14400000000)/1000000,((j_timestamp-entry_timestamp)-14400000000)/1000000-3600),3)
| stats count AS Transactions count(eval(response_time <= 1)) AS "Good" count(eval(response_time <= 2)) AS "Fair" count(eval(response_time > 2)) AS "Unacceptable" avg(response_time) AS "Average" BY bank_fiid
| eval "%Good"=(Good/Transactions)*100
| eval "%Fair"=(Fair/Transactions)*100
| eval "%Unacceptable"=(Unacceptable/Transactions)*100
| addinfo
| eval "Report Date"=strftime(info_min_time, "%m/%Y")
| table bank_fiid, "Transactions", "Good", "%Good" "Fair", "%Fair", "Unacceptable", "%Unacceptable", "Average", "Report Date"
| rename bank_fid as "Vision ID"
Get Updates on the Splunk Community!
Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...
If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...
Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions
Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...
Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...
Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...
