It is important to identify outliers in length of transactions.

```
|timechart span=10m fixedrange=F avg(duration)
```

```
|stats count values(_time) AS _time first(_time) AS first last(_time) AS last BY sessionID
```

This information could be used to find out during which periods performance is slow and to see which transactions may have missed SLAs based on agreed-upon SLA numbers.

► Average duration chart for transactions that completed

For a hypothetical, four-step transaction, it is important to calculate how long each completed transaction takes.

```
|stats count(eval(action="start")) AS start_count count(eval(action="in-progress")) AS in-progress_count count(eval(action="ending")) As ending_count count(eval(action="finished")) AS finished_count
```

How many went to two steps, three steps, or completed? This information helps measure the quality of the application, as it is best if all transactions complete.

Number of steps completed for all transactions started

For a hypothetical, four-step transaction, it is important to have counts on how many steps were performed for each transaction that started.

Running four different subsearches for each transaction step using the appendcols command outputs all results into one report. If the number of transactions terminating at the sub-steps is larger than zero, investigate why those transactions did not finish. Ideally, you would want all transactions to complete and have zero counts for all the terminated sub-steps.
You can print other fields by using list or values in the stats command.

Counts for terminated transactions that did not finish

For a hypothetical, four-step transaction, it is important to have counts on how many transactions terminated at each step.

Change the count value in the last search command to see how many transactions made it through 2 or 3 steps instead.

```
| stats values(_time) AS time values(action) AS action values(customer) AS customer count BY sessionID
```

This is important for accuracy and also for investigation for improving the system.

In addition, to optimize the searches shown below, you should specify an index and a time range when appropriate.

By monitoring the list of sessions that only made it partially to the end, analysts can make better decisions to improve the application. This search not only gives you an indicator of how many did not finish, but it also provides details about each one that did not finish and how many steps they did finish.

Your typical banking transactions may include more than four steps, and some commands, parameters, and field names in the searches below may need to be adjusted to match your environment.

The searches provided here are a good starting point, but depending on your data, search time range, and other factors, more can be done to ensure that they scale appropriately. Splunk recommends that customers look into using data models, report acceleration, or summary indexing when searching across hundreds of GBs of events in a single search.