Are you a member of the Splunk Community?
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: average of response time for the service call...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
average of response time for the service call per day.
sourceType="source_log" | rex field=_raw .... ........
Expected output :
Service_call Avf for 03/04 avg for 03/05 ........
addBook 125 180
addpens 60 70
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try this:
sourcetype="app_log" | rex field=_raw ".serviceCall=(?\w+)(?:[^=\n]=){3}(?P\d+)."
| eventstats count,avg(time_ms) AS Avg_time_ms by serviceCall
| eval Avg_timetaken_ms=round(Avg_time_ms,2)
| timechart avg(Avg_timetaken_ms) by serviceCall span=1d
The timechart command will actually format your data for charting (which may be what you want anyway) but you can switch to the statistics view to see the table of results
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Nik!!!
Thank you for the query but the results are not as expected.
I executed search and got results like below...
_time getBookInfo getPenInfo addBookInfo addPenInfo OTHER
2019-03-08 22:00:00 19.29 47.18 86.89999999999999
2019-03-08 22:30:00 512 105.09 348.3 19.29 86.89999999999999
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
but I'm looking for the result as below
Service_call Avg_for_03/04 Avg_for_03/05 ........ so on
addBook 125 180
addpens 60 70
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you able to give us the full search you are using, and an example of the results your search produces?
There is not enough information at present to help.
Please also use the code tool which looks like 101010 when posting search queries or results.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Nickhill!
Greetings for the day!!!.
Search I'm using now :
sourcetype="app_log" | rex field=_raw ".serviceCall=(?\w+)(?:[^=\n]=){3}(?P\d+)." | stats count,avg(time_ms) AS Avg_time_ms by serviceCall | eval Avg_timetaken_ms=round(Avg_time_ms,2) | sort -Avg_time_ms
Current Output for last 15 mins :
serviceCall count Avg_timetaken_ms
getBookInfo 4 340.75
getPenInfo 4 232.00
addBookInfo 1 191.00
addPenInfo 3 70.67
Now I'm trying to get avgerage time per day
Expected out put :
serviceCall Avg_time_ms_03/08 Avg_time_ms_03/07 Avg_time_ms_03/06 ......so on
getBookInfo 340.75 320.00 310.00
getPenInfo 232.00 250.25 280.23
addBookInfo 191.00 180.25 195.45
addPenInfo 70.67 65.24 68.55
After this I want to compare these each serice avg rsponse time with two different time period..
like.... I want to compare getBookInfo avg_response of this month with previous month, and I want to show difference in next coloumn.
Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain
Splunk Lantern’s Guide to The Most Popular .conf25 Sessions
Unlock What’s Next: The Splunk Cloud Platform at .conf25
