getting average by adding times


hi folks,
noob to splunk here and i am loving this product.

question i have is this:

we have 8 servers that are logging information. i was wondering if somehow i could average the times and other stats from these logs together.

for example, one of the log stats is Response Size of the query that was sent back to the client, such as responsetime=1000

where the time is measured in milliseconds.

can i have splunk go across the logs from the 8 hosts and add the response time field to get an average so that we know what's an avg. size of response by all 8 servers? I have it reading from all 8 logs and doing other things but do not know how i can add the stats together etc.

i would really appreciate your help and insight here!

Thank you,

Yes, you should look at the stats command and the timechart command:

http://www.splunk.com/base/Documentation/latest/SearchReference/Stats
http://www.splunk.com/base/Documentation/latest/SearchReference/Timechart
http://www.splunk.com/base/Documentation/latest/SearchReference/CommonStatsFunctions

But you will have to be sure that the fields in question are extracted by Splunk to use them.