Total time taken per request - Splunk Community

Splunk Search

new to Splunk so want to know how I can fetch total time take per request

applog.msg=XXXX_Logs,CorrelationId=XXXXXXXXXX,URL=XXXX.com,ServiceKey=xyzService,No_Of_Requests=4,Total_Time_Taken=3

Total time taken = Total_Time_Taken/ No_Of_Requests

Hi @puneetgureja

I don't know if your field are extracted

if the field are extracted you only need a eval condition

eval "Total time taken"=Total_Time_Taken/ No_Of_Requests

if you need to extract the fields before needs a rex comand

| rex field=_raw "No_Of_Requests=(?<no_of_requests>\d+),Total_Time_Taken=(?<total_time_taken>\d+)" | eval "Total time taken"=Total_Time_Taken/ No_Of_Requests

anyway I suggest to extract the field with an automatic KEy-value extraction

https://docs.splunk.com/Documentation/Splunk/8.1.3/Knowledge/Automatickey-valuefieldextractionsatsea...

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”

Get Updates on the Splunk Community!

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

Are you ready to transform how your team handles complex data requests? We invite you to our upcoming ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...