Total time taken per request

puneetgureja
Engager

I'm new to Splunk, so I want to know how I can fetch the total time taken per request.

applog.msg=XXXX_Logs,CorrelationId=XXXXXXXXXX,URL=XXXX.com,ServiceKey=xyzService,No_Of_Requests=4,Total_Time_Taken=3

Total time taken = Total_Time_Taken/ No_Of_Requests

aasabatini
Motivator

Hi @puneetgureja 

I don't know if your fields are extracted.

If the fields are extracted, you only need an eval condition:

| eval "Total time taken"=Total_Time_Taken/No_Of_Requests

If you need to extract the fields first, you need a rex command:

| rex field=_raw "No_Of_Requests=(?<No_Of_Requests>\d+),Total_Time_Taken=(?<Total_Time_Taken>\d+)" | eval "Total time taken"=Total_Time_Taken/No_Of_Requests

Anyway, I suggest extracting the fields with an automatic key-value extraction:

https://docs.splunk.com/Documentation/Splunk/8.1.3/Knowledge/Automatickey-valuefieldextractionsatsea...

“The answer is out there, Neo, and it’s looking for you, and it will find you if you want it to.”
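
A self-contained search that can be pasted into the search bar to try the rex and eval from the answer above. It is an added example, not part of the original thread: the three events (the `sample-…` CorrelationId values, `example.com`, `abcService`) are constructed, and the zero-request guard and the per-service figure go beyond what was asked.

```spl
| makeresults count=3
| streamstats count AS n
| eval _raw=case(
    n=1, "applog.msg=Sample_Logs,CorrelationId=sample-0001,URL=example.com,ServiceKey=xyzService,No_Of_Requests=4,Total_Time_Taken=3",
    n=2, "applog.msg=Sample_Logs,CorrelationId=sample-0002,URL=example.com,ServiceKey=xyzService,No_Of_Requests=0,Total_Time_Taken=0",
    n=3, "applog.msg=Sample_Logs,CorrelationId=sample-0003,URL=example.com,ServiceKey=abcService,No_Of_Requests=5,Total_Time_Taken=12")
| rex field=_raw "ServiceKey=(?<ServiceKey>[^,]+),No_Of_Requests=(?<No_Of_Requests>\d+),Total_Time_Taken=(?<Total_Time_Taken>\d+)"
| eval Time_Per_Request=if(No_Of_Requests>0, round(Total_Time_Taken/No_Of_Requests, 2), null())
| eventstats sum(No_Of_Requests) AS Svc_Requests, sum(Total_Time_Taken) AS Svc_Time BY ServiceKey
| eval Svc_Time_Per_Request=if(Svc_Requests>0, round(Svc_Time/Svc_Requests, 2), null())
| table ServiceKey No_Of_Requests Total_Time_Taken Time_Per_Request Svc_Time_Per_Request
```

Field names in SPL are case-sensitive, so the capture group names in the rex must match the names used in the eval exactly. An event with `No_Of_Requests=0` gets a null `Time_Per_Request` rather than a failed division.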