Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About billycn20
billycn20
Explorer
Member since:
05-05-2021
05-07-2021
Community Statistics
| Posts | 8 |
| Solutions | 0 |
| Karma Given | 1 |
| Karma Received | 0 |
| Member Since | 05-05-2021 |
Activity Feed
- Posted Re: format my successRate query into a week over week comparison on Splunk Search. 05-06-2021 01:11 PM
- Posted Re: format my successRate query into a week over week comparison on Splunk Search. 05-06-2021 12:59 PM
- Posted format my successRate query into a week over week comparison on Splunk Search. 05-06-2021 12:45 PM
- Tagged format my successRate query into a week over week comparison on Splunk Search. 05-06-2021 12:45 PM
- Tagged format my successRate query into a week over week comparison on Splunk Search. 05-06-2021 12:45 PM
- Posted Re: measuring overall success rate based off two transactions present in logs, but want to group results by a field on Splunk Search. 05-06-2021 12:42 PM
- Posted Re: measuring overall success rate based off two transactions present in logs, but want to group results by a field on Splunk Search. 05-06-2021 12:26 PM
- Posted Re: measuring overall success rate based off two transactions present in logs, but want to group results by a field on Splunk Search. 05-05-2021 02:05 PM
- Karma Re: measuring overall success rate based off two transactions present in logs, but want to group results by a field for sravankaripe. 05-05-2021 02:05 PM
- Posted Re: measuring overall success rate based off two transactions present in logs, but want to group results by a field on Splunk Search. 05-05-2021 01:41 PM
- Posted measuring overall success rate based off two transactions present in logs, but want to group results by a field on Splunk Search. 05-05-2021 01:11 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
05-06-2021
01:11 PM
using that suggestion as well, doesn't provide any change in results. my stats actually still looks identical to my original query: here is the updated query as per your suggestions: index=jj3 "TRANSACTIONA" OR "TRANSACTIONB" | rex field=log "\"app_id\": \W(?<app_id>\w+)\W" | rex field=log "\"event_name\": \W(?<event_name>[a-zA-Z-|_|:]+)\W" | eval firstTransaction=if(event_name=="TRANSACTIONA", 1, 0) | eval secondTransaction=if(event_name=="TRANSACTIONB", 1, 0) | bin _time span=2w | stats sum(firstTransaction) as TotalfirstTransaction sum(secondTransaction) as TotalsecondTransaction by app_id | eval successRate=round(TotalsecondTransaction/TotalfirstTransaction*100, 1)."%" | fillnull successRate | sort - successRate | search NOT successRate=0
... View more
05-06-2021
12:59 PM
no, that doesn't seem to provide any desirable results.
... View more
05-06-2021
12:45 PM
i have a working query which is monitoring the success rate based off a value called app_id. i want to extend the current query i have and also show the success rate for each app_id but broken down by currentWeek, lastWeek, 2weeksago success rate percentage. My current query is: index=jj3 "TRANSACTIONA" OR "TRANSACTIONB" | rex field=log "\"app_id\": \W(?<app_id>\w+)\W" | rex field=log "\"event_name\": \W(?<event_name>[a-zA-Z-|_|:]+)\W" | eval firstTransaction=if(event_name=="TRANSACTIONA", 1, 0) | eval secondTransaction=if(event_name=="TRANSACTIONB", 1, 0) | stats sum(firstTransaction) as TotalfirstTransaction sum(secondTransaction) as TotalsecondTransaction by app_id | dedup app_id | eval successRate=round(TotalsecondTransaction/TotalfirstTransaction*100, 1)."%" | fillnull successRate | sort - successRate | search NOT successRate=0
... View more
- Tags:
- time
- weekoverweek
Labels
- Labels:
-
stats
05-06-2021
12:42 PM
my query as of right now is: index=jj3 "TRANSACTIONA" OR "TRANSACTIONB" | rex field=log "\"app_id\": \W(?<app_id>\w+)\W" | rex field=log "\"event_name\": \W(?<event_name>[a-zA-Z-|_|:]+)\W" | eval firstTransaction=if(event_name=="TRANSACTIONA", 1, 0) | eval secondTransaction=if(event_name=="TRANSACTIONB", 1, 0) | stats sum(firstTransaction) as TotalfirstTransaction sum(secondTransaction) as TotalsecondTransaction by app_id | dedup app_id | eval successRate=round(TotalsecondTransaction/TotalfirstTransaction*100, 1)."%" | fillnull successRate | sort - successRate | search NOT successRate=0
... View more
05-06-2021
12:26 PM
@sravankaripe wondering if you can help me refine this same query you provided me to show me the same data, but just represented in a week over week comparison. is that possible using my current query? something like: App_id, TotalfirstTransaction, TotalsecondTransaction, successRate, currentWeeksuccessRate, PreviousWeek, 3Weeks ago
... View more
05-05-2021
02:05 PM
thank you! looks like i was very close after all. this is what i wanted.
... View more
05-05-2021
01:41 PM
because my log events contain sensitive data, i cannot share that. but i can provide you the expected output of what I'm looking to generate, extending what i have currently.
... View more
05-05-2021
01:11 PM
I am trying to measure our success rate on our platform. there are two individual events which we care to see in order to consider a transaction 'successful'. The two event_names we are looking for are "TRANSACTIONA" and "TRANSACTIONB" . The tricky part here is that i don't only want to know the overall success rate, but i want each individual success rate to be grouped by a field which i am creating in my query using rex. the field here is 'app_id'. I already have the overall success rate working in the below query, but trying to get these same 3 stats grouped for each individual app_id found is where i am having issues. Below is my current working query, looking to be extended into groups for each app_id: index=jj3 "TRANSACTIONA" OR "TRANSACTIONB" | rex field=log "\"app_id\": \W(?<app_id>\w+)\W" | rex field=log "\"event_name\": \W(?<event_name>[a-zA-Z-|_|:]+)\W" | eval firstTransaction=if(event_name=="TRANSACTIONA", 1, 0) | eval secondTransaction=if(event_name=="TRANSACTIONB", 1, 0) | stats sum(firstTransaction) as TotalfirstTransaction sum(secondTransaction) as TotalsecondTransaction | eval successRate=round(TotalsecondTransaction/TotalfirstTransaction*100, 1)."%" So essentially i want: for each app_id found, i want to stats the following into output : App_id, TotalfirstTransaction, TotalsecondTransaction, successRate
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
05-07-2021
05:32 PM
|
