All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Unable to see the Average Response Time entries

asm_coe
Explorer
‎03-19-2019 11:08 AM

alt textHello,

I have deployed splunk essentials for Application analytics under splunk 7.2.4(trial version)

I tried to configure the use case - Application Content / Identify Slow Web Pages which is part of the examples under the app.

Upon the ingestion of web server access logs, i ran the following command given under the example.

sourcetype="access_common"
| stats avg(response_time) as art by uri_path
| eval "Average Response Time (ms)" = round(art,2)
| sort -"Average Response Time (ms)"
| table uri_path "Average Response Time (ms)"

I'm unable to see Average Response entries under statistics.

A sample Extract from logs below.

06/02/2019
23:58:59.000
10.150.19.125 - - [06/Feb/2019:23:58:59 +0530] "GET /itpam/StartAgent?processType=startAgent≺ocess=startAgent⁢pam.agent.httpscompatible=false&AGENT_STARTUP_VERSION=1&DeprecatedComms=true&requestType=launchagent HTTP/1.1" 404 1097
host = source = localhost_access_log.2019-02-06.txt sourcetype = access_common
06/02/2019
23:57:30.000
10.150.19.125 - - [06/Feb/2019:23:57:30 +0530] "GET /itpam/StartAgent?processType=startAgent≺ocess=startAgent⁢pam.agent.httpscompatible=false&AGENT_STARTUP_VERSION=1&DeprecatedComms=true&requestType=launchagent HTTP/1.1" 404 1097
host = * source = localhost_access_log.2019-02-06.txt sourcetype = access_common

Preview file
1 KB
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎03-19-2019 10:57 PM

@asm_coe

Can you please confirm response_time coming in event? Just execute the below search.

sourcetype="access_common" | table _time response_time uri_path

If response_time coming then try below search.

sourcetype="access_common" 
| stats avg(response_time) as art by uri_path 
| eval art = round(art,2) 
| sort -art 
| table uri_path art | rename art as "Average Response Time (ms)"

View solution in original post

0 Karma
Reply
Solved! Jump to solution

asm_coe
Explorer
‎03-20-2019 12:18 AM

@kamlesh_vaghela - yes. seems like response_time is not part of the log events. Attached is the output for the command below.

I don't see any extractions for this field. yet i seealt text the field -response time under the table with null values.

Preview file
1 KB
0 Karma
Reply
Solved! Jump to solution

asm_coe
Explorer
‎03-19-2019 11:21 PM

@kamlesh_vaghela - Thanks for your reply. Could see response time is not coming for this search which you provided. Please find the image attached. What could be issue and is there any way to get the response time under the table. Please advise.

Preview file
1 KB
0 Karma
Reply
Solved! Jump to solution
Solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎03-19-2019 10:57 PM

@asm_coe

Can you please confirm response_time coming in event? Just execute the below search.

sourcetype="access_common" | table _time response_time uri_path

If response_time coming then try below search.

sourcetype="access_common" 
| stats avg(response_time) as art by uri_path 
| eval art = round(art,2) 
| sort -art 
| table uri_path art | rename art as "Average Response Time (ms)"
0 Karma
Reply
Solved! Jump to solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎03-19-2019 11:39 PM

@asm_coe

I think response_time field is not coming with an event. Is this field coming via any extractions ??
Can you please share output from the below search?

sourcetype="access_common" | table _time response_time uri_path
Reply
Solved! Jump to solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎03-20-2019 02:17 AM

@asm_coe

It seems response_time not available in the event. Can you please whether any other field contains value of response_time?

And one request: can you please reply me by adding a comment below my comment instead of adding new comment?? 🙂 🙂

0 Karma
Reply
Solved! Jump to solution

asm_coe
Explorer
‎03-20-2019 02:26 AM

@kamlesh_vaghela - To my understanding no other field contains value of response_time. Also i have confirmed the same with the apps team.

0 Karma
Reply
Solved! Jump to solution

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎03-20-2019 03:22 AM

@asm_coe

Yeah. I think you got your answer, why "Average Response Time" doesn't have any value in search table. Kindly upvote my comment which is useful to you and accepts the answer to close this question.

Happy Splunking

0 Karma
Reply
Solved! Jump to solution

asm_coe
Explorer
‎03-20-2019 03:26 AM

@kamlesh_vaghela Sure, Thanks for your assistance.

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...