I'm currently generating an AvgTime of processing cycles in a thread within a 5 min duration and writing these out to a log similar to this
[PrepareEvents, DispatchAll]
PrepareEvents samples Avg: 2757ns; Median: 1411ns; Max: 1533433ns; Total Events: 277138; Total Items: 314155
I want to perform the following calculation so i find out how many average ns i've spent processing cycles in the 5min duration
avgTime (multiply i cant add star here) Total items * 100 / (5 min in nanos
Can i do this in splunk ?
Hi @luckyman80
Does this do what you need: <your search> | rex "Avg:\s*(?<avg>\d+)ns;\s*Median:\s*(?<median>\d+)ns;\s*Max:\s*(?<max>\d+)ns;\s*Total Events:\s*(?<total_events>\d+);\s*Total Items:\s*(?<total_items>\d+)" | eval result = (avg * total_items) / 300000000000
All the best, Chris.
actually i see the issue. it seems the percentage calculation is missing from your first example
Total items * 100
how do I make this a percentage ?
If you just need the results to be displayed as a percentage you can add a | eval result = result." %"
to the search string.
This can even be used for rounding down if needed: |eval result = round(result,2)." %"
Thanks guys this looks good one last ask .. sorry for all the questions.. do you know how to turn the result into a percentage rather then raw value ?
Hi Chris, Thanks for your prompt response. How do I show the result from the calculation only ?
Thanks again
Paul
just add a |table result
to the search Chris provided!
Hi Paul
<your search> | rex "Avg:\s*(?<avg>\d+)ns;\s*Median:\s*(?<median>\d+)ns;\s*Max:\s*(?<max>\d+)ns;\s*Total Events:\s*(?<total_events>\d+);\s*Total Items:\s*(?<total_items>\d+)" | eval result = (avg * total_items) / 300000000000 | table result
Hi @luckyman80
Does this do what you need: <your search> | rex "Avg:\s*(?<avg>\d+)ns;\s*Median:\s*(?<median>\d+)ns;\s*Max:\s*(?<max>\d+)ns;\s*Total Events:\s*(?<total_events>\d+);\s*Total Items:\s*(?<total_items>\d+)" | eval result = (avg * total_items) / 300000000000
All the best, Chris.