Re: avg response time of two web services by data...

nlrdy · ‎04-08-2016

Hello,

I was able to extract the two web services using rex but now the problem is to have a table with something similar to below. response time is calculated by the field response_time.

somesoni2 · ‎04-08-2016

Try something like this
UPdated

your base search earliest=-8d@d latest=now | rex ....put your rex to extract web_service here ... | bucket span=1d _time | stats avg(response_time) as avg_resp_time by _time web_service | eval time=case(_time=relative_time(now(),"@d"),"Today",_time=relative_time(_time,"-1d@d"),"Yesterday", _time=relative_time(_time,"-8d@d"),"A week ago",1=1,"ignore") | where time!="ignore" | appendpipe [| stats avg(avg_resp_time) as avg_resp_time by time | eval web_service="AVG"] | chart values(avg_resp_time) over time by web_service  limit=0 | table time * AVG

nlrdy · ‎04-12-2016

can "by" be used with bucket ? I'm getting error for that

from splunk doc bin syntax:
bin [...] [AS ]

somesoni2 · ‎04-12-2016

No it can't be. Some how I merged bucket and stats. Updated the answer.

avg response time of two web services by data center on today, yesterday and few days ago

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?

avg response time of two web services by data center on today, yesterday and few days ago

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem