average for sucessfully requests

chialin · ‎10-22-2013

Hi, I hava data in the log like the following:

userId    url     status    time
123       /abc    success   1000
123       /abc    failed    100000
234       /abc    success   1200

I would like to generate a report that returns

total # of requests
average time for sucessful requests

How can I achieve this with stats and other Splunk functions?

dsheldon · ‎10-22-2013

Using a single search:

index=foo | eval time_success=if(status="success",time,"") | stats COUNT(status) AS "Total Requests" AVG(time_success) AS "Average time - Success"

"time_success" stores only the values that should be averaged together. The stats command is then used to calculate both the total count and the average time of success

kristian_kolb · ‎10-22-2013

index=blah sourcetype=bleh | stats count AS "Total Requests"
index=blah sourcetype=bleh status=success | stats avg(time) AS "Avg time - successful"

If you want the result in one search, you can use the append search command. See the docs.

/K

average for sucessfully requests

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

New in Observability Cloud - Explicit Bucket Histograms