Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Statistics Related

splunkrags
Engager
‎05-19-2011 06:04 AM

Hi,

I have a continuous stream of response times for a given service. A fraction of these responses can be very high due to various reasons. I would like to omit such occurrences (assuming that these are 2%) and calculate the average response time. Can this be achieved in a simple manner ? Example illustrated below:

Service Response Time (98% of the time)

A ---> 3.5 ms ( assuming values - 2,2,2,2,2,2,2,10 - needs to omit 10)

B ---> 4 ms ( assuming values - 4,4,4,4,4,5, 7,11 - needs to omit 11)

Thanks in advance

Tags (1)
0 Karma
Reply

bwooden
Splunk Employee
Splunk Employee
‎05-19-2011 10:33 AM

You can tweak acceptable parameters based on standard deviation or other stats. The below search will calculate the standard deviation of a and the existing average of a. Next we will make a null IF the value of a + standard deviation is greater than the average of a + standard deviation. Finally we filter out null values and return the average of what remains...

... | eventstats stdev(a) as stdev_a avg(a) as avg_a | eval a=if(a+stdev_a < avg_a+stdev_a, a, null()) | where isnotnull(a) | stats avg(a)
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...