Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to get a percentage calculation ?
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
zacksoft
Contributor
04-06-2020
10:14 AM
I am writing a query which is going to a scheduled report. I have 3 servers/hosts (serv1, serv2, serv3) whose average response time i am calculating like this,
timechart span=1d eval(round(avg(req_time_seconds),2)) as avgresponse_time by host
I am looking for an output that should do a comparison of serv1 with other two and give me a result like below,
Serv1's avg_resp_time is 20 % higher than Serv2
Serv1's avg_resp_time is 10 % higher than Serv3
something like this.. I don't want an absolute value but a percent value and how much it is higher than Serv1.
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
to4kawa
Ultra Champion
04-07-2020
02:55 AM
....
| timechart span=1d eval(round(avg(req_time_seconds),2)) as avgresponse_time by host
| eval result1="Serv1's avg_resp_time is ".case(serv1>serv2,(round(serv1/serv2*100))."% higher than Serv2", serv1<serv2,(round(serv2/serv1*100))."% lower than Serv2", true(), "same with Serv2")
| eval result2="Serv1's avg_resp_time is ".case(serv1>serv3,(round(serv1/serv3*100))."% higher than Serv3", serv1<serv3,(round(serv3/serv1*100))."% lower than Serv3", true(), "same with Serv3")
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
to4kawa
Ultra Champion
04-07-2020
02:55 AM
....
| timechart span=1d eval(round(avg(req_time_seconds),2)) as avgresponse_time by host
| eval result1="Serv1's avg_resp_time is ".case(serv1>serv2,(round(serv1/serv2*100))."% higher than Serv2", serv1<serv2,(round(serv2/serv1*100))."% lower than Serv2", true(), "same with Serv2")
| eval result2="Serv1's avg_resp_time is ".case(serv1>serv3,(round(serv1/serv3*100))."% higher than Serv3", serv1<serv3,(round(serv3/serv1*100))."% lower than Serv3", true(), "same with Serv3")
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Get Updates on the Splunk Community!
Tech Talk Recap | Mastering Threat Hunting
Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...
Observability for AI Applications: Troubleshooting Latency
If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...
Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?
In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...
