Total time taken per request - Splunk Community

Splunk Search

new to Splunk so want to know how I can fetch total time take per request

applog.msg=XXXX_Logs,CorrelationId=XXXXXXXXXX,URL=XXXX.com,ServiceKey=xyzService,No_Of_Requests=4,Total_Time_Taken=3

Total time taken = Total_Time_Taken/ No_Of_Requests

Hi @puneetgureja

I don't know if your field are extracted

if the field are extracted you only need a eval condition

eval "Total time taken"=Total_Time_Taken/ No_Of_Requests

if you need to extract the fields before needs a rex comand

| rex field=_raw "No_Of_Requests=(?<no_of_requests>\d+),Total_Time_Taken=(?<total_time_taken>\d+)" | eval "Total time taken"=Total_Time_Taken/ No_Of_Requests

anyway I suggest to extract the field with an automatic KEy-value extraction

https://docs.splunk.com/Documentation/Splunk/8.1.3/Knowledge/Automatickey-valuefieldextractionsatsea...

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”

Get Updates on the Splunk Community!

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Help us learn about how Splunk has impacted your career by taking the 2021 Splunk Career Survey. Last year’s ...

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

Observability Newsletter Highlights | March 2023

March 2023 | Check out the latest and greatestSplunk APM's New Tag Filter ExperienceSplunk APM has updated ...