Here is my search:
index=jenkins* job_name=mosaic-os*/master event_tag=job_event (type=started OR type=completed) (job_result=SUCCESS) | dedup build_number | eval build_duration = job_duration + queue_time + 'test_summary.duration' | eventstats sum(stages{}.duration) as actual_build_time by build_number | eval time_waiting_for_executor = job_duration-actual_build_time-queue_time | stats values(job_name) as "Job Name", values(job_result) as "Included Job Results", avg(queue_time) as "Queue Time", avg(time_waiting_for_executor) as "Executor Wait Time", avg(build_duration) as "Build Duration", min(build_duration) as "Min Build Duration", max(build_duration) as "Max Build Duration", stdev(build_duration) as "Duration Standard Deviation", stdev(queue_time) as "Queue Time Standard Deviation", stdev(test_summary.duration) as "Test Standard Deviation" | append [search index=jenkins* job_name=mosaic-os*/master event_tag=job_event (type=started OR type=completed) (NOT job_result=SUCCESS) | dedup build_number | eval build_duration = job_duration + queue_time + 'test_summary.duration' | eventstats sum(stages{}.duration) as actual_build_time by build_number | eval time_waiting_for_executor = job_duration-actual_build_time-queue_time | stats values(job_name) as "Job Name", values(job_result) as "Included Job Results", avg(queue_time) as "Queue Time", avg(time_waiting_for_executor) as "Executor Wait Time", avg(build_duration) as "Build Duration", min(build_duration) as "Min Build Duration", max(build_duration) as "Max Build Duration", stdev(build_duration) as "Duration Standard Deviation", stdev(queue_time) as "Queue Time Standard Deviation", stdev(test_summary.duration) as "Test Standard Deviation" ]
Basically the only difference is the first shows successful builds while the second shows non successful builds. There's got to be a better way to write this query, but I'm not well versed enough in Splunk to figure it out.
... View more