Hi.
I'm creating an Apdex SLA report on "user response time" performance in my application. I am aware about the "ApDex Add-on", but I prefer to create my own.
I've run in to a problem with using lists and need some advice.
The SLA values are stored in a lookup table containing the threshold for each user interaction and the file is called performanceApdex.csv
, here is a sample:
uea=UserEventAction T=threshold
uea,T
openBimViewer,2000
openCopyDialog,1000
openMoveDialog,1000
utt = UserTotalTime
This is my search:
index=prod_index sourcetype=apache_access "/collectStats*" | table uea, utt | inputlookup append=t performanceApdex.csv | stats list(utt) as UTT, first(T) as T by uea | mvexpand UTT | stats count(eval(UTT<=T)) as Satisfied, count(eval((UTT>T) AND (UTT<4*T))) as Tolerated, count(eval(UTT>4*T)) as Frustrated | eval Total=(Satisfied+Tolerated+Frustrated) | eval ApdexScore=round((Satisfied+(Tolerated/2))/Total,2) | eval %Satisfied = round(((Satisfied/Total)*100),1) | eval %Tolerated = round(((Tolerated/Total)*100),1) | eval %Frustrated = round(((Frustrated/Total)*100),1) | fields - Satisfied, Tolerated, Frustrated, Total
When I run the search, I get the warning message in the Job drop-down located under the search field:
"'stats' command: limit for values of field 'utt' reached. Some values may have been truncated or ignored."
I need to get ALL user response times (utt), but the order is not important. Is there a better way to do this search?
Best regards Patrik
You could alter the size of the list returned in limits.conf.
This answer might help https://answers.splunk.com/answers/132521/stats-command-limit-for-values-of-field-xxx-reached-some-v...