Solved: Re: Regex in Dashboard is taking too much time

nilaksh92 · ‎06-05-2017

Hi Everyone

I have multiple rex queries in my dashboard which are taking much time.

Is there any way, to take out the rex from my dashboard.

Query what I am using is

|rex field=a "(?<a_hour>[^:]+)?:(?<a_min>\d+)?:(?<a_sec>\d+)"
| eval a_seconds =(a_hour*3600)+(a_min * 60) + a_sec

Like this I have multiple queries for multiple fields.

Please help me out.

Thanks
Nikks

somesoni2 · ‎06-05-2017

Give this a try (adding HH portion if not present, then using convert)

....| eval a=if(len(a)!=8,"00".a,a)
| convert dur2sec(a) as a_seconds

somesoni2 · ‎06-05-2017

Give this a try (adding HH portion if not present, then using convert)

....| eval a=if(len(a)!=8,"00".a,a)
| convert dur2sec(a) as a_seconds

nilaksh92 · ‎06-06-2017

Thanks somesoni.

It worked.

Can we create a calculated field for the

| eval a=if(len(a)!=8,"00".a,a)
 | convert dur2sec(a) as a_seconds

Thanks
Nikks

somesoni2 · ‎06-05-2017

Can we have some sample data please, for field a?

cmerriman · ‎06-05-2017

i agree, can we have a few samples of this? if you timestamp is in :MM:HH, the regex above doesn't seem likely to work properly.

nilaksh92 · ‎06-05-2017

Hi

it use to get data like
:00:00
12:34:78
:34:56

cmerriman · ‎06-05-2017

your field a is HH:MM:SS?
you could just do a |convert dur2sec(a) as a_seconds

nilaksh92 · ‎06-05-2017

Hi

it is in :MM:HH format.

I tried |convert dur2sec(a) as a_seconds but it didn't work with above format.

Is there any other way?

Thanks
Nikks

cmerriman · ‎06-05-2017

can you try to add timeformat=":%M:%H"

nilaksh92 · ‎06-05-2017

Can you tell me the way how to add this?

Regex in Dashboard is taking too much time