×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
jjones31
New Member
Member since: ‎01-07-2015
‎06-05-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎01-07-2015
View All

Re: Suggestions on calculating reduction rates ove...

by in Splunk Search
‎01-13-2015 06:31 AM
‎01-13-2015 06:31 AM
Thanks for your response jayannah! You actually made me realize my example is misleading. Since success rate is already a percentage, your suggestion is completely valid. I am trying to create a search that will give me all events that's greater than a specific percentage (percent increase). For example, if I have a web page in which the response time has grown more than 10% in the past month, I want to know. Let me give you a better example, let's use response time instead of success rate. Events page="foo.html", response_time=40, _time=2014-11-1 page="foo.html", response_time=50, _time=2014-12-1 page="bar.html", response_time=3, _time=2014-11-1 page="bar.html", response_time=1, _time=2014-12-1 Desired Results Page | Response Time Percent Increase foo.html | 25 bar.html | -66.66 This shows foo.html's response time grew 25% and bar.html's reduced 66% from Nov to Dec. Any help is appreciated! ... View more

Suggestions on calculating reduction rates over a ...

by in Splunk Search
‎01-12-2015 12:04 PM
‎01-12-2015 12:04 PM
I am new to Splunk and need guidance on writing a generic search that will give me the percent increase over a two month period. For example, let's say my event data has the following fields: page="foo.html", success_rate=99.0, _time=2014-12-01 page="foo.html", success_rate=99.5, _time=2014-11-01 page="bar.html", success_rate=100, _time=2014-12-01 page="bar.html", success_rate=100, _time=2014-11-01 I would like my results to be: Page Name | Success Rate Change foo.html | -0.5 bar.html | 0 Here is another example: Events page="foo.html", response_time=40, _time=2014-11-1 page="foo.html", response_time=50, _time=2014-12-1 page="bar.html", response_time=3, _time=2014-11-1 page="bar.html", response_time=1, _time=2014-12-1 Desired Results Page | Response Time Percent Increase foo.html | 25 bar.html | -66.66 This shows foo.html's response time grew 25% and bar.html's reduced 66% from Nov to Dec. I've gotten this to work with the follow query: | eval month=strftime(_time,"%b") | chart avg(success_rate) by page, month | convert num("Dec") as dec_res num("Nov") as nov_res | eval rs_diff = (((dec_res / nov_res) * 100) - 100) | table page rs_diff However, this is not very flexible as I have to get the column by the month's name. This will only work for a month and then I have to change it. How can I get the same results without using hard-coded values? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM