All Apps and Add-ons

Network Metrics Statistics

riotnrrd
Engager

Hi;

I have event lines that summarize Round Trip Times for pings to various router IPs. For example:

2014-02-26T12:45:56-05:00 opskzlp130 rtt: 10.70.0.28=0.423 10.70.0.30=0.404 10.70.80.28=18.807 10.70.80.30=18.887 10.68.12.31=21.904 10.29.58.28=53.157 10.29.58.30=52.500 10.70.48.28=23.617 10.70.48.30=23.780 10.59.0.28=37.253 10.59.0.30=37.177 10.29.32.28=29.125 10.29.32.30=29.212 10.29.0.28=107.619 10.29.0.30=103.525 10.29.140.28=115.682 10.70.64.28=73.692 10.70.64.30=73.911 10.28.128.28=74.269 10.65.29.28=11.257 10.65.29.30=11.333 10.29.43.28=42.183 10.29.43.30=39.819 10.44.48.28=35.346 10.44.48.30=35.907 10.29.57.28=39.032 10.70.207.22=34.584 10.28.0.28=78.575 10.28.0.30=78.550 10.29.128.30=219.439

These lines are written every second. What I want is to graph / timechart the average RTT for each router=rtt value over some window (1 minute, 1 hour, 1 day, etc).

So over the window, Splunk would pick out the RTT values for each unique router in the list, and compute the statistics, in this case average RTT over the window splitting by router.

How might I accomplish something like this?

Tags (1)
0 Karma
1 Solution

martin_mueller
SplunkTrust
SplunkTrust

You could do this:

your search yielding such events | rex max_match=0 "\b(?<router_rtt>\d+\.\d+\.\d+\.\d+=\d+\.?\d*)\b" | mvexpand router_rtt | rex field=router_rtt "^(?<router>[^=]+)=(?<rtt>[^=]+)$" | timechart avg(rtt) by router

View solution in original post

martin_mueller
SplunkTrust
SplunkTrust

You could do this:

your search yielding such events | rex max_match=0 "\b(?<router_rtt>\d+\.\d+\.\d+\.\d+=\d+\.?\d*)\b" | mvexpand router_rtt | rex field=router_rtt "^(?<router>[^=]+)=(?<rtt>[^=]+)$" | timechart avg(rtt) by router

riotnrrd
Engager

Perfect! Thank you!

0 Karma
Get Updates on the Splunk Community!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Splunk Education believes in the value of training and certification in today’s rapidly-changing data-driven ...

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

As security threats and their complexities surge, security analysts deal with increased challenges and ...

Observability Highlights | January 2023 Newsletter

 January 2023New Product Releases Splunk Network Explorer for Infrastructure MonitoringSplunk unveils Network ...