Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Average of Transactions for the top 50% of transactions

adityapavan18
Contributor
‎11-07-2011 12:24 AM

Hi,

I have data of transactions in logs.

using "duration" i can take the total duration of very transaction.And avg(duration) will give me the avg of all the transactions.

Now i need to calculate the average of only the top 50% best transaction on time.

i.e for example i have 100 transactions, I sort them according to duration(min to max), i need the average of the first 50 trasactions.

How can i achieve this?

Tags (3)
Reply
1 Solution
Solved! Jump to solution
Solution

carasso
Splunk Employee
Splunk Employee
‎02-26-2012 12:17 PM

Here's how to do it.

1) calculate the median value for duration, using "eventstats", which puts the value onto every event/transation.

2) use "where" to filter out events/transactions that are below the median duration.

3) now calculate the average duration for the remaining events/transactions

Putting it all together:

"your transaction search" | eventstats median(duration) as threshold | where duration>= threshold | stats avg(duration)

View solution in original post

Reply
Solved! Jump to solution
Solution

carasso
Splunk Employee
Splunk Employee
‎02-26-2012 12:17 PM

Here's how to do it.

1) calculate the median value for duration, using "eventstats", which puts the value onto every event/transation.

2) use "where" to filter out events/transactions that are below the median duration.

3) now calculate the average duration for the remaining events/transactions

Putting it all together:

"your transaction search" | eventstats median(duration) as threshold | where duration>= threshold | stats avg(duration)

Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...