Solved: Re: How to search the count of IDs processed for m...

prashanthberam · ‎11-16-2016

hi i have two fields: IDs and response time in seconds. so by using the response time, i need to break down events
0-1 sec how many IDs were processed (their count)
1-2 sec how many IDs were processed
.....
9-10 sec how many IDs were processed

can someone help me thanks.

gokadroid · ‎11-16-2016

Have a look at these two answers and that is what I think you are looking for:

https://answers.splunk.com/answers/28420/custom-chart-bucket-span-widths.html
https://answers.splunk.com/answers/233835/reliable-way-to-specify-span-to-bucket-numeric-val.html

View solution in original post

gokadroid · ‎11-16-2016

Have a look at these two answers and that is what I think you are looking for:

https://answers.splunk.com/answers/28420/custom-chart-bucket-span-widths.html
https://answers.splunk.com/answers/233835/reliable-way-to-specify-span-to-bucket-numeric-val.html

prashanthberam · ‎11-16-2016

Thanks for your answer i got it by using the ceil and floor commands...thank you so much for your answers..it looks like it will also work for my case

niketn · ‎11-16-2016

Seems like you need the following, IDs processed every second (which in-turn will require you to run the search for shorter duration) :
your base search ID=* | timechart span=1s count(ID) as "IDs Processed"

If this is not what you need please provide field names and examples.

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"

How to search the count of IDs processed for multiple response time ranges?

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Are you a member of the Splunk Community?

How to search the count of IDs processed for multiple response time ranges?

AppDynamics Summer Webinars

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor