Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

percentile total transactions in IIS

joe06031990
Communicator
‎07-15-2021 04:07 AM

Hello,

I am trying to get the Perc99 and Perc95 from the total transaction in IIS which the bellow search:

 

source="C:\\inetpub\\logs\\LogFiles\\*" host="WIN-699VGN4SK4U" index="main" |bucket span=1w _time|stats count by _time|eventstats perc95(count) as p95 ,perc95(count) as p95 

 

however it is just being the total for both, any help would be greatly appreciated.

 

Thanks

 

Joe

 

Labels (2)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

efika
Communicator
‎07-15-2021 11:10 PM

Hi @joe06031990 ,

 

You had a typo in your example, duplicating the P95 instead of P99.

Anyways, you don't need the eventstats, just add the perc95 and perc99 to the stats as follows:

| stats count perc95(count) as p95 perc99(count) as p99 by _time

View solution in original post

Reply
Solved! Jump to solution

efika
Communicator
‎07-15-2021 11:42 PM

You're welcome !

0 Karma
Reply
Solved! Jump to solution
Solution

efika
Communicator
‎07-15-2021 11:10 PM

Hi @joe06031990 ,

 

You had a typo in your example, duplicating the P95 instead of P99.

Anyways, you don't need the eventstats, just add the perc95 and perc99 to the stats as follows:

| stats count perc95(count) as p95 perc99(count) as p99 by _time

Reply
Solved! Jump to solution

joe06031990
Communicator
‎07-15-2021 11:23 PM

Thanks for your help.

0 Karma
Reply
Get Updates on the Splunk Community!

Reduce and Transform Your Firewall Data with Splunk Data Management

Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...