Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Search Help- Not sure how to Title
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Substance82
Path Finder
08-23-2024
10:12 AM
I'm trying to achieve the following output using the table command, but am hitting a snag.
| Vision ID | Transactions | Good | % Good | Fair | % Fair | Unacceptable | % Unacceptable | Average Response Time | Report Date |
| ABC STORE (ABCD) | 159666494 | 159564563 | 99.9361601 | 101413 | 0.063515518 | 518 | 0.000324426 | 0.103864001 | Jul-24 |
| Total | 159666494 | 159564563 | 99.9361601 | 101413 | 0.063515518 | 518 | 0.000324426 | 0.103864001 | Jul-24 |
| Thresholds | response <= 1s | 1s < response <= 3s | 3s < response |
Here is my broken query:
index=etims_na
sourcetype=etims_prod
platformId=5
bank_fiid = ABCD
| eval response_time=round(if(strftime(_time,"%Z") == "EDT",((j_timestamp-entry_timestamp)-14400000000)/1000000,((j_timestamp-entry_timestamp)-14400000000)/1000000-3600),3)
| stats count AS Total count(eval(response_time<=1)) AS "Good" count(eval(response_time<=2)) AS "Fair" count(eval(response_time>2)) AS "Unacceptable" avg(response_time) AS "Average" BY Vision_ID
| eval %Good= round((Good/total)*100,2), %Fair = round((Fair/total)*100,2), %Unacceptable = round((Unacceptable/total)*100,2)
| addinfo
| eval "Report Date"=strftime(info_min_time, "%m/%Y")
| table "Vision_ID", "Transactions", "Good", "%Good" "Fair", "%Fair", "Unacceptable", "%Unacceptable", "Average", "Report Date"The help is always appreciated. Thanks!
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Substance82
Path Finder
08-23-2024
11:09 AM
Read my notes and kept trying until I got it!
index=etims_na
sourcetype=etims_prod
platformId=5
bank_fiid=COST
| eval response_time=round(if(strftime(_time,"%Z") == "EDT",((j_timestamp-entry_timestamp)-14400000000)/1000000,((j_timestamp-entry_timestamp)-14400000000)/1000000-3600),3)
| stats count AS Transactions count(eval(response_time <= 1)) AS "Good" count(eval(response_time <= 2)) AS "Fair" count(eval(response_time > 2)) AS "Unacceptable" avg(response_time) AS "Average" BY bank_fiid
| eval "%Good"=(Good/Transactions)*100
| eval "%Fair"=(Fair/Transactions)*100
| eval "%Unacceptable"=(Unacceptable/Transactions)*100
| addinfo
| eval "Report Date"=strftime(info_min_time, "%m/%Y")
| table bank_fiid, "Transactions", "Good", "%Good" "Fair", "%Fair", "Unacceptable", "%Unacceptable", "Average", "Report Date"
| rename bank_fid as "Vision ID"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Substance82
Path Finder
08-23-2024
11:09 AM
Read my notes and kept trying until I got it!
index=etims_na
sourcetype=etims_prod
platformId=5
bank_fiid=COST
| eval response_time=round(if(strftime(_time,"%Z") == "EDT",((j_timestamp-entry_timestamp)-14400000000)/1000000,((j_timestamp-entry_timestamp)-14400000000)/1000000-3600),3)
| stats count AS Transactions count(eval(response_time <= 1)) AS "Good" count(eval(response_time <= 2)) AS "Fair" count(eval(response_time > 2)) AS "Unacceptable" avg(response_time) AS "Average" BY bank_fiid
| eval "%Good"=(Good/Transactions)*100
| eval "%Fair"=(Fair/Transactions)*100
| eval "%Unacceptable"=(Unacceptable/Transactions)*100
| addinfo
| eval "Report Date"=strftime(info_min_time, "%m/%Y")
| table bank_fiid, "Transactions", "Good", "%Good" "Fair", "%Fair", "Unacceptable", "%Unacceptable", "Average", "Report Date"
| rename bank_fid as "Vision ID"
Get Updates on the Splunk Community!
Shape the Future of Splunk: Join the Product Research Lab!
Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...
Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal
You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...
