
Total time taken per request

puneetgureja
Engager

I'm new to Splunk, so I want to know how I can fetch the total time taken per request.

applog.msg=XXXX_Logs,CorrelationId=XXXXXXXXXX,URL=XXXX.com,ServiceKey=xyzService,No_Of_Requests=4,Total_Time_Taken=3

Total time taken = Total_Time_Taken/ No_Of_Requests


aasabatini
Motivator

Hi @puneetgureja 

I don't know if your fields are extracted.

If the fields are extracted, you only need an eval condition:

 

| eval "Total time taken"=Total_Time_Taken/No_Of_Requests

If you need to extract the fields first, you need a rex command:

| rex field=_raw "No_Of_Requests=(?<No_Of_Requests>\d+),Total_Time_Taken=(?<Total_Time_Taken>\d+)" | eval "Total time taken"=Total_Time_Taken/No_Of_Requests

Anyway, I suggest extracting the fields with automatic key-value extraction:

https://docs.splunk.com/Documentation/Splunk/8.1.3/Knowledge/Automatickey-valuefieldextractionsatsea...

 

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
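Added example, not part of the original answer: one way to do the key-value extraction suggested above at search time without a regex, using the `extract` command on a constructed copy of the sample event from the question. The output field name `time_per_request`, the rounding, and the guard against events with zero requests are assumptions of this example.

```spl
| makeresults
| eval _raw="applog.msg=XXXX_Logs,CorrelationId=XXXXXXXXXX,URL=XXXX.com,ServiceKey=xyzService,No_Of_Requests=4,Total_Time_Taken=3"
| extract pairdelim="," kvdelim="="
| eval time_per_request=if(tonumber(No_Of_Requests)>0, round(tonumber(Total_Time_Taken)/tonumber(No_Of_Requests), 2), null())
| table CorrelationId ServiceKey No_Of_Requests Total_Time_Taken time_per_request
```

Against real data, replace the first two lines with the base search for the events; rows where `No_Of_Requests` is 0 or missing get an empty `time_per_request` instead of a division error.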