topic Plot response time from this log in Splunk Search

Plot response time from this log

parekhdevang — Tue, 19 May 2020 04:37:00 GMT

Hi There,

Thanks in advance. I am trying to plot a graph with the request time for each request on the y-axis and minutes on the x axis.

Here is an example log entry.

10.xx.xx.xx - - [19/May/2020:03:15:46 +0000] "POST /web/Authorization?schema=1.3&form=json&httpError=true&cid=cd65b044-426b-4131-8e92-5f239a31cfc5" 200 92131 1 "Apache-HttpClient/4.3.1 (java 1.5)" "" cd65b044-426b-4131-8e92-5f239a31cfc5 miss "{\"authorize\":{\"operations\":[{\"service\":\"offerDataService\",\"instance\":\"offerDataService-gracenote-prod\",\"endpoint\":\"ContentEntitlement\",\"method\":\"GET\"}]}}"

Can anyone help me write a Splunk query for it?

Best,
DP

Re: Plot response time from this log

to4kawa — Sun, 24 May 2020 00:07:53 GMT

where is request time ?

a graph with the request time for each request on the y-axis and minutes on the x axis.

I am not sure the graph, please provide sample graph or pic.

Re: Plot response time from this log

gcusello — Sun, 24 May 2020 07:56:16 GMT

Hi @parekhdevang,
if request time is the timestamp of your ResultCode=200 events and you want a graph with the number of events in every minute for each host, you could try someing like this:

your_index ResultCode=200 
| timechart span=1m count BY host

if you haven't already extracted the ResultCode, you can do it in the search using the rex command

your_index 
| rex "\"\s+(?<ResultCode>\d+)\s+"
| search ResultCode=200 
| timechart span=1m count BY host

Ciao.
Giuseppe