Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk query to check variation in processing time and volume in 5 minutes each (in last 10 minutes)

sahil237888
Path Finder
‎03-09-2021 09:13 AM

Hi, Can anyone help, As I want to get an alert if : The volume gets drop or if processing time gets increased of a specific server when being compared with last 5 minutes - The query should use volume and average response of current 5 minutes and last 5 minutes. and then if there is difference in volume < 50% or processing time > 60% then alert.

Labels (1)
Labels
0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎03-13-2021 12:10 AM

Hi @sahil237888,

Please try below sample;

index=your_index earliest=-15m 
| timechart span=5m partial=f avg(response_time) as response_time sum(volume) as volume
| autoregress response_time p=1
| autoregress volume p=1
| where response_time>response_time_p1*1.6 OR volume<volume_p1*0.5
If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

What's New in Splunk Observability - October 2025

What’s New?    We’re excited to announce the latest enhancements to Splunk Observability Cloud and share ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

&#x1f5e3; You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

 Prepare to elevate your security operations with the powerful upgrade to Splunk Enterprise Security 8.x! This ...