Hey @vijayparthasarathy,
index=myvmr_main sourcetype="dbinput:solarwindsmyVMRQosQueue"
Filtering "dbinput:solarwindsmyVMRQosQueue" events from myvmr_main index.
| eval total_packet=if(match(Stats_Name, "Pre-Policy"), SUM_of_Bytes, null())
| eval packet_drop=if(match(Stats_Name, "Drops"), SUM_of_Bytes, null())
Evaluation functions match(SUBJECT, "REGEX") - This function returns TRUE or FALSE based on whether REGEX matches SUBJECT.
Have a look at this example for more information.
http://docs.splunk.com/Documentation/Splunk/7.0.2/SearchReference/ConditionalFunctions#match.28SUBJECT.2C_.22REGEX.22.29
| streamstats window=2 values(total_packet) as total, values(packet_drop) as dropVal by NodeName
Streamstats - Adds cumulative summary statistics to all search results in a streaming manner.
window - Specifies the number of events to use when computing the statistics.
Have a look at the streamstats doc.
| search dropVal > 0
Filtering results where dropVal > 0
| eval drop_perc=round((dropVal/total)*100,2)
Calculating percentage
| bin span=30m _time
Create a bucket of _time with span of 30m
http://docs.splunk.com/Documentation/Splunk/7.0.2/SearchReference/Bin
| chart avg(drop_perc) as "Drop %" by NodeName
Calculating average of percentage by NodeName.
Well, you can see the results after each pipe and look at the changes happening.
Let me know if this helps!