Hi
We are trying out the new Metrics Index in Splunk 7.0 and ran into issues when filtering on the data.
We want to only report the values inside business hours (Mon-Fri 7-18) for monthly reporting.
Our old search in the Events type Index looked like this:
**index="response" (date_hour>=7 AND date_hour<=18 AND NOT date_wday=sunday AND NOT date_wday=saturday) | stats count, avg(time), perc95(time) by app**
We can query the data but can't filter on hour or weekday. Are there any possibilities to do this in the Metrics Index with mstats?
Or can you only see all data in a selected time period?
**| mstats avg(_value), perc95(_value) as p95, count WHERE index=mcg_apm_response_metrics AND metric_name=apm.response by app**
One work-around could be to add a dimension that was named Inside/Outside business hours, but then it would be impossible to change afterwards.