- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Show averages for three different types of results
I need to show the difference between three different types of servers for example.
CitrixServer TotalStartupTime
OAIMFEP06 15.609
OAIMFEPV94 27.876
OAIMFEPT07 17446.984
Virtual servers have 'v' in the name, test servers have 't' in the name and physical servers have neither T or V in the name.
I would like to show the average TotalStartupTime for each type of server.
Thank you SplunkBase!
CitrixServer TotalStartupTime
1 OAIMFEPV94 27.876
2 OAIMFEPV89 20.095
3 OAIMFEPV13 36.08
4 oaimfep03 51.654
5 OAIMFEP22 779.027
6 OAIMFEP02 52.532
7 OAIMFEPV83 67.69
8 OAIMFEPV80 15.25
9 OAIMFEPV40 98.207
10 OAIMFEP06 15.609
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, have not idea how your base search looks or your raw data, but I would use rex or regex in my search. I am also assuming CitrixServer is a valid field.
I am assuming the following: OAIMFEPV94 - base_servername=OAIMFE, server_type=PV, server_instance=94
...| rex field=CitrixServer "(?i)oaimfe(?<server_type>\w+)\d\d$" | stats sum(TotalStartupTime) by server_type
You can further enrich the data by using a case statment or lookup table. Also read Splunk SPL Cook book which is available for download.
Hope this helps or gets you started. Don't forget to accept and vote answers that help.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If this help dont forget to accept by clicking the the check mark. Cheers
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Nice!
Thank you!
