- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Statistics: Creating Histogram out of a time bucke...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Excited to post my first Splunk question.
I want to perform statistical analysis on API response time that I get from our app server log.
The log format is:
timestamp1 API=<api1> ResponseTime=<R1>
timestamp2 API=<api2> ResponseTime=<R2>
timestamp3 API=<api3> ResponseTime=<R3>
timestamp1 API=<api1> ResponseTime=<R4>
..
..
For a week of data I want to plot the histogram of the hourly average of ResponseTime for api1.
I did the following query:
index=<index> api1|bucket _time span=1h|stats avg(ResponseTime) by _time
Now how do I take the result of the above query and build a histogram?
I did the following:
index=<index> api1|bucket _time span=1h|stats avg(ResponseTime) by _time as X|stats count(X)
But this query seems to be wrong.
Could you please recommend the correct query?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi ngatchasandra,
It is not resulting in a series of values to plot a histogram. It is returning a single number(count).
What I am looking for is a frequency chart of hoourly average values .
I did the following:
index= api1|bucket _time span=1h|stats avg(ResponseTime) by _time |rename avg(ResponseTime) as X|stats values(X)
It is indeed giving a set of values for the average. Now, how in the search I do a frequency chart of these values?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Looks like it is working!. Just added bins=100 to your query.
index= api1|bucket _time span=1h|stats avg(ResponseTime) by _time |rename avg(ResponseTime) as X|stats values(X)|chart count by values(x) bins=100
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please, you did not give me points . Perhaps it is to you even you have to give the points. Can you correct it?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi ngatchasandra,
It is not resulting in a series of values to plot a histogram. It is returning a single number(count).
What I am looking for is a frequency chart of hoourly average values .
I did the following:
index= api1|bucket _time span=1h|stats avg(ResponseTime) by _time |rename avg(ResponseTime) as X|stats values(X)
It is indeed giving a set of values for the average. Now, how in the search I do a frequency chart of these values?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, try with index= api1|bucket _time span=1h|stats avg(ResponseTime) by _time |rename avg(ResponseTime) as X|stats values(X)|chart count by values(x)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi oldtester,
Try with index= api1|bucket _time span=1h|stats avg(ResponseTime) by _time |rename avg(ResponseTime) as X|stats count(X) by _time
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try now with index= api1|bucket _time span=1h|stats avg(ResponseTime) by _time |rename avg(ResponseTime) as X|stats values(X)|chart count by values(x)
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
