calculate delta of success rate of a particular fi...

yamini_37 · ‎12-28-2019

can you please help me in writing SPL query for the below scenario.
I want to calculate delta of success rate of a particular field for two servers.

I used the below query:
.....|stats values(Resp) as Resp values(Req) as Required by _time,host | eval Success_Rate= (Resp/Req)*100 |delta Success_Rate as Delta_of_Success_Rate | xyseries _time host Delta_of_Success_Rate

Here, splunk is calculating the delta according to values listed in the statistics. Can you please or correct this query to calculating delta value for each host

to4kawa · ‎12-29-2019

| makeresults 
| eval temp="Time: 21:30
Total: 60 Running: 05
mt100 pool1    /root/user/bin/process1.sh
mt100 pool12    /root/user/bin/process21.deb
mt201 pool2    /root/user/bin/process321.sh
mt301 pool3    /root/user/bin/process432.deb
mt301 pool312    /root/user/bin/process52.sh" 
| makemv delim="
" temp
| mvexpand temp
| rename temp as _raw
| erex processname examples="/root/user/binprocess1.sh,/root/user/bin/process21.deb"

Also please.

to4kawa · ‎12-29-2019

| makeresults count=2 
| streamstats count 
| eval _time=if(count=2,relative_time(_time,"-1d@m"),_time) 
| makecontinuous span=1m _time 
| eval host="host".(random() % 2 + 1) 
| eval Resp=random() % 5 + 1, Req=random() % 5 + 1 
| bin span=1h _time 
| stats sum(Resp) as Resp sum(Req) as Required by _time,host 
| eval Success_Rate= round((Resp/Required)*100) 
| reverse 
| delta Success_Rate as Delta_of_Success_Rate 
| xyseries _time host Delta_of_Success_Rate

Hi, folks. I think that if you use reverse, it works properly

woodcock · ‎12-28-2019

Maybe this?

... | bin _time span=1h 
| stats dc(Resp) AS Resp dc(Req) AS Req BY _time host
| eval Success_Rate = 100 * (Resp / Req) 
| streamstats current=f last(Success_Rate) AS Next_Success_Rate BY host
| eval Delta_of_Success_Rate = Next_Success_Rate - Success_Rate
| timechart span=1h first(Delta_of_Success_Rate) AS Delta_of_Success_Rate BY host

aberkow · ‎12-28-2019

Can you give an example and desired output?

Does it look like:

host time delta
a 1

a 2
b 1
b 2

and you want it to just be for one host? sorted by host? thanks!

yamini_37 · ‎12-29-2019

My desired output should be like:

Time Delta(host 1) Delta(host 2)

I didn't sort it by host. I will try like that.

yamini_37 · ‎12-28-2019

I am getting the below output:

time host sucess_rate Delta_of_sucess_rate
12/29/19 08:40 AM XM1 100
12/29/19 08:40 AM XM2 98 -2
12/29/19 08:45 AM XM1 99 1
12/29/19 08:45 AM XM2 100 1
12/29/19 08:50 AM XM1 96 -4
12/29/19 08:50 AM XM2 95 -1

The above is calculating delta incorrectly. I want to display the below desired output.

time host sucess_rate Delta_of_sucess_rate
12/29/19 08:40 AM XM1 100
12/29/19 08:45 AM XM1 99 -1
12/29/19 08:50 AM XM1 96 -3
12/29/19 08:40 AM XM2 98

12/29/19 08:45 AM XM2 100 2
12/29/19 08:50 AM XM2 95 -5

OR

time success_XM1 delta_success_host(XM1) success_XM2 delta_success_host(XM2)
12/29/19 08:40 AM 100 98

12/29/19 08:45 AM 99 -1 100 2
12/29/19 08:50 AM 96 -3 95 -5

Finally, I want to show the delta values of two hosts in one panel by time. can you please help me on this. Thanks

calculate delta of success rate of a particular field for two hosts

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Are you a member of the Splunk Community?

calculate delta of success rate of a particular field for two hosts

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25