我正在尝试在某些服务端点的 splunk 中创建一个表以及每个端点所花费的计算时间,现在我想根据时间显示选定的端点的问题。这是我为显示字段而编写的查询。
<query>index="test" | eval report=case(match(uri_path, "api/abc/"),
"anc", match(uri_path, "api/bcd/**"), "bcd", match(uri_path, "efc"),
"efc") | eval ms=round(microseconds/1000) | stats count, mean(ms) as
avgMillis, min(ms), max(ms), perc75(ms), perc95(ms), perc99(ms),
stdev(ms) by report | eval avgMillis=round(avgMillis) | eval
stdev(ms)=round('stdev(ms)') </query>
只有当它们超过 1 秒时才应该只显示端点。