Show averages for three different types of results

bigtyma · ‎07-22-2013

I need to show the difference between three different types of servers for example.

CitrixServer TotalStartupTime
OAIMFEP06 15.609
OAIMFEPV94 27.876
OAIMFEPT07 17446.984

Virtual servers have 'v' in the name, test servers have 't' in the name and physical servers have neither T or V in the name.

I would like to show the average TotalStartupTime for each type of server.

Thank you SplunkBase!

CitrixServer    TotalStartupTime

1 OAIMFEPV94 27.876
2 OAIMFEPV89 20.095
3 OAIMFEPV13 36.08
4 oaimfep03 51.654
5 OAIMFEP22 779.027
6 OAIMFEP02 52.532
7 OAIMFEPV83 67.69
8 OAIMFEPV80 15.25
9 OAIMFEPV40 98.207
10 OAIMFEP06 15.609

bmacias84 · ‎07-22-2013

Hi, have not idea how your base search looks or your raw data, but I would use rex or regex in my search. I am also assuming CitrixServer is a valid field.

I am assuming the following: OAIMFEPV94 - base_servername=OAIMFE, server_type=PV, server_instance=94



...| rex field=CitrixServer "(?i)oaimfe(?<server_type>\w+)\d\d$" | stats sum(TotalStartupTime) by server_type

You can further enrich the data by using a case statment or lookup table. Also read Splunk SPL Cook book which is available for download.

Hope this helps or gets you started. Don't forget to accept and vote answers that help.

bmacias84 · ‎07-23-2013

If this help dont forget to accept by clicking the the check mark. Cheers

bigtyma · ‎07-23-2013

Nice!

Thank you!

Show averages for three different types of results

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life