Hello Splunk Users
I m trying to get an average response time per IP for a few sites I m monitoring.
This gives me the a list of URL with all ip values found for it. However, it is showing the avg time for all IP instead of the avg time for every IP.
The only solution I found was to use:
However, that makes the report looks heavy and not very friendly since the same url are showing multiple times.
Is there any way to get the avg time by remote_ip, which is itself by url without having duplicates entries in the output?
Thank you in advance,
EG
I am not sure this is what you're looking for but if you just want a report with urls then a list of ips and a list of the times per IP try this:
| stats avg(time) as "time_per_ip" by url, remote_ip | stats list(remote_ip) as "IPs" list(time_per_ip) as "time_per_ip" by url | table url IPs times_per_ip
This will give you a consolidated table.
I am not sure this is what you're looking for but if you just want a report with urls then a list of ips and a list of the times per IP try this:
| stats avg(time) as "time_per_ip" by url, remote_ip | stats list(remote_ip) as "IPs" list(time_per_ip) as "time_per_ip" by url | table url IPs times_per_ip
This will give you a consolidated table.
Perfect, that did the trick.
Thank you.
EG