Hi Team, I am trying to get list of apis , whose avg response time is greater than particular threshold. Using Chart and timechart to gain avg response stats in dashboard to display APIs whose avg response time is greater than particular threshold. Query using: chart command: index=### sourcetype=### | rex field=_raw "###(?[^ ]+)" | eval fields=split(Application_Name,"-") | eval Service_name=mvindex(fields,1)."-".mvindex(fields,2) |chart span=15m avg(response_time) over _time by Service_name where avg > 5 usenull=f | fields - OTHER and timechart command: index=### sourcetype=### | rex field=_raw "###(?[^ ]+)" | eval fields=split(Application_Name,"-") | eval Service_name=mvindex(fields,1)."-".mvindex(fields,2) |timechart span=15m avg(response_time) by Service_name where avg > 5 usenull=f | fields - OTHER .Results, for both using where condition, i could still see those api ,whose avg time is less than 5sec , but near to 5sec, e.g. api with 3 sec or 3.5 comes up panel.
... View more
