Averaging Fill Rates Over Time
I am trying to monitor fill rates of certain fields in my logs over time. Basically, I want to see the rate at which specific fields are non-null/blank on a day by day basis. To do so, I've:
- parsed the fields
- used the isBlank operator to create a new field with a value of 0 if the field is blank or a 1 if the field is filled
- averaged the created field to obtain a "fill rate" value
Basically my query looks like:
// parsing the json for fields I care about
| json field=%"extraData.params" "transaction_id" as transaction_id nodrop
| json field=%"extraData.params" "transaction_date" as transaction_date nodrop
| json field=%"extraData.params" "transaction_time" as transaction_time nodrop
// creating those "fill rate" fields
|if(isBlank(transaction_id),0,1) as transaction_id_check
|if(isBlank(transaction_date),0,1) as transaction_date_check
|if(isBlank(transaction_time),0,1) as transaction_time_check
//averaging those fields
| avg(transaction_id_check) as TID_check,
avg(transaction_date_check) as transaction_date_check,
avg(transaction_time_check) as transaction_time_check,
However, I want to be able to see those averages on a daily basis (preferably in a line chart) and then add that chart to a dashboard. I understand how to timeslice my logs, but can't figure out how to average all of the fields by timeslice. Ideally, I'd end up with an aggregates chart with row values of timeslice and column values of the field fill rate averages. Can anybody help?
-
Hi Will,
The good news is that you're nearly there :-)
[...]
| timeslice 1d
// Averaging those fields
| avg(transaction_id_check) as TID_check,
avg(transaction_date_check) as transaction_date_check,
avg(transaction_time_check) as transaction_time_check
by _timesliceLet me know if this isn't what you were after
- RJ
Please sign in to leave a comment.
Comments
2 comments