Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

average for sucessfully requests

chialin
New Member
‎10-22-2013 12:49 PM

Hi, I hava data in the log like the following:

userId    url     status    time
123       /abc    success   1000
123       /abc    failed    100000
234       /abc    success   1200

I would like to generate a report that returns

  1. total # of requests
  2. average time for sucessful requests

How can I achieve this with stats and other Splunk functions?

Tags (1)
0 Karma
Reply

dsheldon
Explorer
‎10-22-2013 03:14 PM

Using a single search:

index=foo | eval time_success=if(status="success",time,"") | stats COUNT(status) AS "Total Requests" AVG(time_success) AS "Average time - Success"

"time_success" stores only the values that should be averaged together. The stats command is then used to calculate both the total count and the average time of success

Reply

kristian_kolb
Ultra Champion
‎10-22-2013 01:30 PM

  1. index=blah sourcetype=bleh | stats count AS "Total Requests"

  2. index=blah sourcetype=bleh status=success | stats avg(time) AS "Avg time - successful"

If you want the result in one search, you can use the append search command. See the docs.

/K

Reply
Get Updates on the Splunk Community!

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...