-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathrollup-phase2.sh
More file actions
executable file
·42 lines (34 loc) · 991 Bytes
/
rollup-phase2.sh
File metadata and controls
executable file
·42 lines (34 loc) · 991 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
#!/bin/bash
#
# Run our second phase of rollup, which consists of computing train stats on a daily basis.
#
# Errors are fatal
set -e
QUERY_BODY="
| eval lates=split(lates, \",\")
| mvexpand lates
| eval lateness=case(
lates > 15, \"> 15 min\",
lates > 5, \"> 5 min\",
true(), \"<= 5 min\")
| timechart span=1d count by lateness
| eval total='<= 5 min' + '> 5 min' + '> 15 min'
| eval pct_late = (('> 5 min' + '> 15 min') / total) * 100
| timechart span=1d
sum(total) as total
sum(\"<= 5 min\") as under_5_min
sum(\"> 5 min\") as over_5
sum(\"> 15 min\") as over_15
avg(pct_late) as pct_late
| eval pct_late=pct_late
| eval under_5_min=under_5_min
| eval over_5=over_5
| eval over_15=over_15
| collect index=summary sourcetype=lates_by_day2
"
QUERY="index=summary ${QUERY_BODY}"
echo "# "
echo "# About to rollup train stats on a daily basis."
echo "# "
docker exec -it splunk-lab /opt/splunk/bin/splunk search "${QUERY}"
echo "# Done!"