Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: count by response time range
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jibiuthaman
Explorer
02-27-2014
01:14 PM
source aaa| eval Description=case(rt_sec>10, "G10", rt_sec>20, "G20", rt_sec>30, "G30", rt_sec>40, "G40") | stats count by Description
this seems to only give me results for G10 even though I have many cases with response times greater then 10 sec... if i just do source aaa rt_sec > 20, I get results. Please help me find the issue here.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
02-27-2014
01:24 PM
Try this.
source=aaa | eval Description=case(rt_sec>10 AND rt_sec<=20,"G10", rt_sec>20 AND rt_sec<=30,"G20",rt_sec>30 AND rt_sec<=40,"G40",rt_sec>40,"G10")| stats count by Description
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
02-27-2014
01:24 PM
Try this.
source=aaa | eval Description=case(rt_sec>10 AND rt_sec<=20,"G10", rt_sec>20 AND rt_sec<=30,"G20",rt_sec>30 AND rt_sec<=40,"G40",rt_sec>40,"G10")| stats count by Description
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ksuyash
Explorer
10-18-2024
04:21 PM
I'm having similar query but when using the below case .. onlt <=500 and >=1500 are getting counted in stats
duration =6000's are also getting counted in >1500ms case not sure why
index=*
| rex "TxDurationInMillis=(?<TxDurationInMillis>\d+)"
| eval ResponseTime = tonumber(TxDurationInMillis)
| eval ResponseTimeCase=case(
ResponseTime <= 500, "<=500ms",
ResponseTime > 500 AND ResponseTime <= 1000, ">500ms and <=1000ms",
ResponseTime > 1000 AND ResponseTime <= 1400, ">1000ms and <=1400ms",
ResponseTime > 1400 AND ResponseTime < 1500, ">1400ms and <1500ms",
ResponseTime >= 1500, ">=1500ms"
)
| table TxDurationInMillis ResponseTime ResponseTimeCase- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jibiuthaman
Explorer
02-28-2014
08:48 AM
Work and thanks again..
Get Updates on the Splunk Community!
Data Management Digest – December 2025
Welcome to the December edition of Data Management Digest!
As we continue our journey of data innovation, the ...
Index This | What is broken 80% of the time by February?
December 2025 Edition
Hayyy Splunk Education Enthusiasts and the Eternally Curious!
We’re back with this ...
Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...
Hello Splunk Community,
We're thrilled to share an exciting update that will help you manage your data more ...
