How to calculate perc95 Response Time

deepak02 · ‎07-24-2017

Hi,

WHAT I NEED : Formula to calculate perc95 of responseTime

WHAT I HAVE:
I have a summary index which gives the below results,

To calculate the Average Response Time, I use the below formula,

The Splunk query is:
index=prod-pottery-store sourcetype=app:Potter:Performance login_type=* | eval responseTime_per_event=No_of_Events*responseTime | stats sum(responseTime_per_event) as "Total_Response_Time",sum(No_of_Events) as "Total_Events"| eval Average_Duration=Total_Response_Time/Total_Events

What formula should I use to calculate perc95 responseTime?

Thanks,
Deepak.

sbbadri · ‎07-24-2017

try

your search | stats list(value) avg(value) median(value) perc95(value)

deepak02 · ‎07-24-2017

Thankyou @sbbadri, this is a special case. I do not think mean(), perc95() will give us the answer.

For each responseTime, there are many No_of_Events (e.g.: 10 events for responseTime = 5, 8 events for responseTime=10).

The average responseTime is [(10 * 5) + (10*8)] / (10+8) = 7.2
mean(responseTime) is 7.5

How do I calculate perc95(responseTime) ?

s2_splunk · ‎07-24-2017

use the perc() function documented here as demonstrated in sbbadri's response.

How to calculate perc95 Response Time

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor