- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Every Week Stats required for the eval % output.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Every Week Stats required for the eval % output.
We're having a trouble to get the evaluating stats for each week. Could anyone please help us on this..
query:
index="someIndex" sourcetype=access.log *** | stats count(eval(duration >70)) as timetakenGthanSeventyMsCount, count(eval(duration > 0)) as totaltimeTakenMsCount | eval OutOfRangePercentage= (timetakenGthanSeventyMsCount/totaltimeTakenMsCount)*100 |...........................
we need the output as below
Time OutOfRangePercentage
2018-02-01 (This week) 1.8%
2018-01-25 (last week) 0.4%
2018-01-18 1.7%
2018-01- 11 1.4%
.....
.... ..
... ...
...
... ....
2017-12-28 2.4%
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
can you try
index="someIndex" sourcetype=access.log *** | timechart span=7d count(eval(duration >70)) as timetakenGthanSeventyMsCount, count(eval(duration > 0)) as totaltimeTakenMsCount | eval OutOfRangePercentage= (timetakenGthanSeventyMsCount*100/totaltimeTakenMsCount)."%"
let me know if this helps!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the answer. It helps us a lot.
We need to filter below timings everyday form the above query. These weeks data shouldn't consists these timings logs data of each day.
eg. Today 8:30PM to next day early morning 1:00AM( Filter these timings)
If possible can you please help us for the time also. We need to show as below.
Time OutOfRangePercentage
2018-01-25 to 2018-02-02 1.2%
2018-01-18 to 2018-01-25 0.3%
2018-01- 11 to 2018-01- 11 1.2%
.......
.....
.... ..
... ...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
try this :
index="someIndex" sourcetype=access.log ***
((date_hour=20 date_minute<30) OR (date_hour<20)) AND (date_hour>=1)
| timechart span=7d count(eval(duration >70)) as timetakenGthanSeventyMsCount, count(eval(duration > 0)) as totaltimeTakenMsCount
| eval OutOfRangePercentage= (timetakenGthanSeventyMsCount*100/totaltimeTakenMsCount)."%"
| eval t=_time-604800
| eval t=strftime(t,"%Y-%m-%d"),Time=strftime(_time,"%Y-%m-%d")
| eval Time=t." to ".Time
| fields- _time t
| sort - Time
let me know if this helps!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Couldn't you search
index="someIndex" sourcetype=access.log ((date_hour=20 date_minute<30) OR (date_hour<20)) AND (date_hour>=1)
Instead of doing the more complicated convert process?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Oh, yeah Thanks..Actually I did not think in that way 😛
Corrected myself !
Announcing Scheduled Export GA for Dashboard Studio
Extending Observability Content to Splunk Cloud
More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!
