topic How to extract all fields from my sample log and graph the average of the values? in Splunk Search

How to extract all fields from my sample log and graph the average of the values?

karthikbits — Fri, 19 Aug 2016 23:26:08 GMT

Single log line:

{kpiMuleMS=12, kpiSecurityCheckMS=230, kpiGetQuoteMS=56, kpiGetLegalEntityMS=0, kpiOIILookupPersonaMS=0, kpiCreateSubscriptionMS=40, kpiGetOfferMS=0, kpiProcessSubscriptionMS=23, kpiPayAuthMS=9, kpiOIIFindRealmMS=1, kpiUpdateAccountMS=40, kpiGetAccountMS=10}

How do I graph the avg values of all the keys in a single graph?
Unfortunately, I do not have the log line in the following format..

key=kpiSecurityCheckMS latency=230
key=kpiMuleMS latency=12

Re: How to extract all fields from my sample log and graph the average of the values?

mhpark — Sat, 20 Aug 2016 00:04:30 GMT

The kv or extract command would work well here.

But, do you want an average of each kpi,
or an average of all kpis?

Try this for the former.

| kv pairdelim="=", kvdelim=","
| fields - _raw
| stats avg(*)

Re: How to extract all fields from my sample log and graph the average of the values?

sundareshr — Sat, 20 Aug 2016 00:15:37 GMT

Try this (if the fields are already extracted, ignore the extract segement)

base search | extract pairdelim="," kvdelim="=" | stats avg(kpiMuleMS) as kpiMuleMS avg(kpiSecurityCheckMS) as kpiSecurityCheckMS <<similarly for rest of your fields