Solved: How to edit my timechart search to only return res...

marees123 · ‎08-26-2015

Hi All,

I'm using the search below for getting the avg response time that is greater than 500.

index=web <data> | timechart avg(api-response-time)

I'm getting results, but I would like to get the results where response time value is greater than 500.

Please help/

aljohnson_splun · ‎08-26-2015

So if you want to filter so that you have an average of all response times that were initally over 500, you'd have:

index=web <data> api-response-time>500
| timechart avg(api-response-time)

If you want to filter so that you have averages of all response times, and only retain the averages that are over 500, you'd have:

index=web <data>
| timechart avg(api-response-time) as average
| where average > 500

aljohnson_splun · ‎08-26-2015

So if you want to filter so that you have an average of all response times that were initally over 500, you'd have:

index=web <data> api-response-time>500
| timechart avg(api-response-time)

If you want to filter so that you have averages of all response times, and only retain the averages that are over 500, you'd have:

index=web <data>
| timechart avg(api-response-time) as average
| where average > 500

marees123 · ‎08-26-2015

Hi AlJohnson...

Thanks for the query.. It worked as expected...

Thanks again 🙂

How to edit my timechart search to only return results where the (average) response time is greater than 500?