{
    "alert_lag": 30,
    "alert_period": "5",
    "base_search": "| sim flow query=\"def weighted_duration(base, p, filter_, groupby):\n    error_durations     = data(base + '.duration.ns.' + p, filter=filter_ and filter('sf_error', 'true'),  rollup='max').mean(by=groupby, allow_missing=['sf_httpMethod'])\n    non_error_durations = data(base + '.duration.ns.' + p, filter=filter_ and filter('sf_error', 'false'), rollup='max').mean(by=groupby, allow_missing=['sf_httpMethod'])\n\n    error_counts     = data(base + '.count', filter=filter_ and filter('sf_error', 'true'),  rollup='sum').sum(by=groupby, allow_missing=['sf_httpMethod'])\n    non_error_counts = data(base + '.count', filter=filter_ and filter('sf_error', 'false'), rollup='sum').sum(by=groupby, allow_missing=['sf_httpMethod'])\n\n    error_weight     = (error_durations * error_counts).sum(over='1m')\n    non_error_weight = (non_error_durations * non_error_counts).sum(over='1m')\n\n    total_weight = combine((error_weight if error_weight is not None else 0) + (non_error_weight if non_error_weight is not None else 0))\n    total = combine((error_counts if error_counts is not None else 0) + (non_error_counts if non_error_counts is not None else 0)).sum(over='1m')\n    return (total_weight / total)\n\nfilter_ = filter('sf_environment', '*') and filter('sf_service', '*') and filter('sf_error','*') and not filter('sf_dimensionalized', '*')\ngroupby = ['sf_service', 'sf_environment', 'sf_error']\nweighted_duration('service.request', 'median', filter_, groupby).publish(label='medianLatency')\" \n| stats avg(_value) as medianLatency by sf_service sf_environment sf_organizationID _time",
    "description": "",
    "entity_filter_field": "sf_service",
    "entity_split_field": "sf_service",
    "is_filter_entities_to_service": true,
    "is_split_by_entity": true,
    "key": "da-itsi-cp-splunk-observability-splunkapm-rate-base-search",
    "metric_qualifier": "",
    "metrics": [
        {
            "aggregate_statop": "avg",
            "entity_statop": "median",
            "fill_gaps": "null_value",
            "gap_custom_alert_value": "0",
            "gap_severity": "unknown",
            "gap_severity_color": "#CCCCCC",
            "gap_severity_color_light": "#EEEEEE",
            "gap_severity_value": "-1",
            "key": "medianlatency",
            "threshold_field": "medianLatency",
            "title": "medianLatency",
            "unit": "ms"
        }
    ],
    "search_alert_earliest": "5",
    "title": "SplunkAPM Rate Base Search",
    "version": "0.0.36"
}