I am having an issue in Splunk Enterprise regarding getting average transactions per second for my scenario. In my case I want to, for a given time period, get average transactions per second for each webservice request...
When I use following syntax its working fine:
index="index"
| transaction "correlationId" keepevicted=true
| timechart span=1s count as TPS
| stats count avg(TPS)
...but then I get average transactions per second for all webservice requests.
If I try the below:
index="index"
| transaction "correlationId" keepevicted=true
| timechart span=1s count as TPS
| stats count avg(TPS) by "service"
...I dont get any result back
Is there something I am doing completely wrong here?
All help and tips are much appreciated
You may find a solution similar to one I needed a while back to be helpful - timechart without using timechart
index=ndx sourcetype=srctp correlationId=* service=* earliest=-60m
| eval secs=strftime(_time, "%S")
| stats dc(correlationId) as TPS by secs service
| stats avg(TPS) as avgTPS by service
| chart avg(TPS) as avgTPS by service