Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Statistics: Creating Histogram out of a time bucketed Statictic

oldtester
Explorer
‎06-03-2015 08:17 AM

Excited to post my first Splunk question.

I want to perform statistical analysis on API response time that I get from our app server log.

The log format is:
timestamp1 API=<api1> ResponseTime=<R1>
timestamp2 API=<api2> ResponseTime=<R2>
timestamp3 API=<api3> ResponseTime=<R3>
timestamp1 API=<api1> ResponseTime=<R4>
..
..
For a week of data I want to plot the histogram of the hourly average of ResponseTime for api1.

I did the following query:
index=<index> api1|bucket _time span=1h|stats avg(ResponseTime) by _time

Now how do I take the result of the above query and build a histogram?

I did the following:
index=<index> api1|bucket _time span=1h|stats avg(ResponseTime) by _time as X|stats count(X)

But this query seems to be wrong.

Could you please recommend the correct query?

Reply
1 Solution
Solved! Jump to solution
Solution

oldtester
Explorer
‎06-03-2015 09:01 AM

Hi ngatchasandra,

It is not resulting in a series of values to plot a histogram. It is returning a single number(count).
What I am looking for is a frequency chart of hoourly average values .

I did the following:
index= api1|bucket _time span=1h|stats avg(ResponseTime) by _time |rename avg(ResponseTime) as X|stats values(X)
It is indeed giving a set of values for the average. Now, how in the search I do a frequency chart of these values?

View solution in original post

Reply
Solved! Jump to solution

oldtester
Explorer
‎06-03-2015 11:31 AM

Looks like it is working!. Just added bins=100 to your query.
index= api1|bucket _time span=1h|stats avg(ResponseTime) by _time |rename avg(ResponseTime) as X|stats values(X)|chart count by values(x) bins=100

Reply
Solved! Jump to solution

ngatchasandra
Builder
‎06-04-2015 05:48 AM

Please, you did not give me points . Perhaps it is to you even you have to give the points. Can you correct it?

0 Karma
Reply
Solved! Jump to solution
Solution

oldtester
Explorer
‎06-03-2015 09:01 AM

Hi ngatchasandra,

It is not resulting in a series of values to plot a histogram. It is returning a single number(count).
What I am looking for is a frequency chart of hoourly average values .

I did the following:
index= api1|bucket _time span=1h|stats avg(ResponseTime) by _time |rename avg(ResponseTime) as X|stats values(X)
It is indeed giving a set of values for the average. Now, how in the search I do a frequency chart of these values?

Reply
Solved! Jump to solution

ngatchasandra
Builder
‎06-03-2015 09:23 AM

Yes, try with index= api1|bucket _time span=1h|stats avg(ResponseTime) by _time |rename avg(ResponseTime) as X|stats values(X)|chart count by values(x)

0 Karma
Reply
Solved! Jump to solution

ngatchasandra
Builder
‎06-03-2015 08:49 AM

Hi oldtester,

Try with index= api1|bucket _time span=1h|stats avg(ResponseTime) by _time |rename avg(ResponseTime) as X|stats count(X) by _time

0 Karma
Reply
Solved! Jump to solution

ngatchasandra
Builder
‎06-03-2015 09:18 AM

Try now with index= api1|bucket _time span=1h|stats avg(ResponseTime) by _time |rename avg(ResponseTime) as X|stats values(X)|chart count by values(x)

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...