Demon
Reputation: 21
display selective fields in splunk in query
I am trying to create a table in splunk of some service endpoint and calculation time taken by each endpoint, now the problem i want to display selected endpoints based on time. This is the query i wrote to display the fields.
<query>index="test" | eval report=case(match(uri_path, "api/abc/"),
"anc", match(uri_path, "api/bcd/**"), "bcd", match(uri_path, "efc"),
"efc") | eval ms=round(microseconds/1000) | stats count, mean(ms) as
avgMillis, min(ms), max(ms), perc75(ms), perc95(ms), perc99(ms),
stdev(ms) by report | eval avgMillis=round(avgMillis) | eval
stdev(ms)=round('stdev(ms)') </query>
How should only end points be displayed only if they are more than 1 secs.
Upvotes: 0
Views: 333
Answers (1)
Related Questions
- Splunk : How to sum the values of the fields that are a result of if condition
- Splunk - display top values for only certain fields
- Splunk - Add numeric columns and display only that result
- Splunk how to display multiple stats queries in table?
- Splunk - Displaying addcoltotals into its own column
- Splunk query - Total or Count by field
- Generate Splunk report with only extracted fields
- How to extract a field from a Splunk search result and do stats on the value of that field
- How to extract a value from fields when using stats()
- Adding custom fields to splunk query