×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
nikhilpai
Explorer
Member since: ‎07-13-2021
‎07-19-2021
Community Statistics
Posts 6
Solutions 1
Karma Given 0
Karma Received 0
Member Since ‎07-13-2021
Activity Feed
Topics I've Started
View All

Re: timechart not showing correct values

by in Reporting
‎07-18-2021 11:23 PM
‎07-18-2021 11:23 PM
We figured this out. We are using dedup as we have some values which het updated in the source at different intervals. Hence when we were selecting the window 00:45 - 1:30 the dedup would be done across this time period and hence the % would go less in the first 15 min slot as they had corresponding  duplicate values in the third 15 min slot. but when we would filter based only on the first 15 min slot it would show a higher % as there were no corresponding duplicates in this window. So not a issue it only how the data is collected. Thanks .     ... View more

Re: timechart not showing correct values

by in Reporting
‎07-14-2021 10:37 PM
‎07-14-2021 10:37 PM
Thank You for your time hope someone else can help. ... View more

Re: timechart not showing correct values

by in Reporting
‎07-14-2021 07:08 AM
‎07-14-2021 07:08 AM
Thank you for your patience .This is the first screen. I have selected a time period from 00:45 to 1:30 span=15m as given in the query. I am taking example of the first entry on 00:45. The count is shown as 14 & mean of around 57%. 1-statistics for the first one 00:45 if I go to the events, I see 104 events and the status count as below. [which is not same as count of 14 ] 2-status_count From  the statistics page if I narrow down to the 00:45 window I get expected values. So not sure what's happening here. Appreciate any insights on this. 3-narrow_dwn Thanks. ... View more

Re: timechart not showing correct values

by in Reporting
‎07-13-2021 09:07 PM
‎07-13-2021 09:07 PM
For e.g. in the case mentioned if I go down to the events it shows me 93% "Y" & 7% "N" with about 104 total events for the mentioned time frame [00:45 - 01:00]. But on the statistics page we are seeing 60% "Y" and if I put a count in the timechart as below it shows a count of 14. Again if I go in the events I see 104 events. So, very much confused on how the timechart is interpreting the data. timechart span=15m count(completed) as tot_cnt  by bizname useother=false limit=100 ... View more

Re: timechart not showing correct values

by in Reporting
‎07-13-2021 06:43 AM
‎07-13-2021 06:43 AM
Thanks for the reply @richgalloway . In this case we are using 100 for success & 0 for failure , no other values That would kind of work like a % in this case, I might be wrong. Would you please advice how do I use calculation of % via eval in the query I am using. I have tried with count but it gives same kind of values as with mean function. Thanks. ... View more

timechart not showing correct values

by in Reporting
‎07-13-2021 05:40 AM
‎07-13-2021 05:40 AM
Hi, I am new to splunk and am trying to build one timechart. we have the following timechart search query which is not giving the correct values in statistics but when we browse the events from the statistics the required data seems to be there.  Not able to figure out how timechart exactly works here. Query as below , request help / explanation for the behavior. Filtered for a particular bizname, I select the date range from say 00:45 to 1:30 for a particular day. I get the wrong "Percentage" value [say 60%] for the first block [00:45 to 1:00], but when go to the events and check it comes out to be 93%. What am I doing wrong here. index=index1 sourcetype=*XYZ*  | dedup col1, col2,col3 | search bizname="ABC" | where completed in("Y","N") | eval status=if(completed ="Y",100,0) | timechart span=15m mean(status) as Percentage by bizname useother=false limit=100 | fillnull value=100 Thanks.   ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎07-19-2021 02:44 AM