avg response time of two web services by data cen...

nlrdy · ‎04-08-2016

Hello,

I was able to extract the two web services using rex but now the problem is to have a table with something similar to below. response time is calculated by the field response_time.

somesoni2 · ‎04-08-2016

Try something like this
UPdated

your base search earliest=-8d@d latest=now | rex ....put your rex to extract web_service here ... | bucket span=1d _time | stats avg(response_time) as avg_resp_time by _time web_service | eval time=case(_time=relative_time(now(),"@d"),"Today",_time=relative_time(_time,"-1d@d"),"Yesterday", _time=relative_time(_time,"-8d@d"),"A week ago",1=1,"ignore") | where time!="ignore" | appendpipe [| stats avg(avg_resp_time) as avg_resp_time by time | eval web_service="AVG"] | chart values(avg_resp_time) over time by web_service  limit=0 | table time * AVG

nlrdy · ‎04-12-2016

can "by" be used with bucket ? I'm getting error for that

from splunk doc bin syntax:
bin [...] [AS ]

somesoni2 · ‎04-12-2016

No it can't be. Some how I merged bucket and stats. Updated the answer.

avg response time of two web services by data center on today, yesterday and few days ago

Fastest way to demo Observability

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

Are you a member of the Splunk Community?

avg response time of two web services by data center on today, yesterday and few days ago

Fastest way to demo Observability

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps