Re: average for sucessfully requests

chialin · ‎10-22-2013

Hi, I hava data in the log like the following:

userId    url     status    time
123       /abc    success   1000
123       /abc    failed    100000
234       /abc    success   1200

I would like to generate a report that returns

total # of requests
average time for sucessful requests

How can I achieve this with stats and other Splunk functions?

dsheldon · ‎10-22-2013

Using a single search:

index=foo | eval time_success=if(status="success",time,"") | stats COUNT(status) AS "Total Requests" AVG(time_success) AS "Average time - Success"

"time_success" stores only the values that should be averaged together. The stats command is then used to calculate both the total count and the average time of success

kristian_kolb · ‎10-22-2013

index=blah sourcetype=bleh | stats count AS "Total Requests"
index=blah sourcetype=bleh status=success | stats avg(time) AS "Avg time - successful"

If you want the result in one search, you can use the append search command. See the docs.

/K

average for sucessfully requests

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Event Series: Splunk Observability Metrics Cost Optimization

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Join the Conversation