As per the below screenshot, If User made one request then in that request we have two calls (mentioned below), Every request will have unique request id assigned and each call response time would be different.
1) "MES" (This Call will always be one per request)
2) "EWM" ('n' number of calls will be triggered)
As per my requirement, While showing MES response time I need to subtract all the EWM calls time. Please give me your best thoughts and suggestions to complete this task.
I am new in splunk require your help. Thanks in advance !
HI
You can write search like below.
can you please try it? Please update replace fields with the original field name.
YOUR EXISTING SEARCH
| stats sum(PropetiesElapsedMilliseconds) as PropetiesElapsedMilliseconds by Properties.Http-RequestId, Properties.MII_ServiceType
| rename Properties.Http-RequestId as Properties_Http_RequestId, Properties.MII_ServiceType as Properties_MII_ServiceType
| stats sum(eval(if(Properties_MII_ServiceType="MES",PropetiesElapsedMilliseconds,0))) as MES,
sum(eval(if(Properties_MII_ServiceType="EWM",PropetiesElapsedMilliseconds,0))) as EWM
by Properties_Http_RequestId
| eval Total = MES - EWM
| table Properties_Http_RequestId MES EWM Total
I hope this will help you.
Thanks
HI
You can write search like below.
can you please try it? Please update replace fields with the original field name.
YOUR EXISTING SEARCH
| stats sum(PropetiesElapsedMilliseconds) as PropetiesElapsedMilliseconds by Properties.Http-RequestId, Properties.MII_ServiceType
| rename Properties.Http-RequestId as Properties_Http_RequestId, Properties.MII_ServiceType as Properties_MII_ServiceType
| stats sum(eval(if(Properties_MII_ServiceType="MES",PropetiesElapsedMilliseconds,0))) as MES,
sum(eval(if(Properties_MII_ServiceType="EWM",PropetiesElapsedMilliseconds,0))) as EWM
by Properties_Http_RequestId
| eval Total = MES - EWM
| table Properties_Http_RequestId MES EWM Total
I hope this will help you.
Thanks