All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Vizualizing Application Start End Times

vivasaayi
Engager
‎10-04-2013 01:39 AM

I am monitoring 4 applications. Each application is assigned an unique name (like App1, App2) and each running instance will have an instance id (a distinct GUID - SVID) and I am logging when they are started and stopped. I am able to get the duration, start time and end times of applications using the following query.

  • | where like (MESSAGE, "%Started%") or like (MESSAGE, "%Disposed%") | transaction SVID | eval starttime=strftime(_time, "%D %H:%M:%S") | eval endtime= strftime(_time+duration, "%D %H:%M:%S") | table SVID starttime duration endtime

The table looks fine. 

    APP     SVID                                    Start Time          Duration    End Time
1   App1    3f3c74bf-375b-4442-bd38-b6a22092a2c2    10/04/13 12:26:11   2.646   10/04/13 12:26:13
2   App1    0705742b-4d45-4203-8229-4f1571952a49    10/04/13 12:25:24   13.066  10/04/13 12:25:38
3   App2    5ae6483e-7e24-4f0b-93f1-7c1c0bd94c49    10/04/13 10:54:25   0       10/04/13 10:54:25

I am tying to create a Chart, which shows the start and end times as follows.

|
|       ****************************************    **********          ***************
|
|       ======= ====    ====    =====   =============================== =======
|
|       ++++++++        ++++++++++++++++++++++++++              ++++    +++++++++   ++++++
|
|
|_______________________________________________________________________________________________
                            Time

* - App1
= - App2
+ - App3

Could you please help?

Reply

yoho
Contributor
‎01-30-2017 12:31 AM

Hello, I have not yet found time to create this chart (low priority here) but I found this viz app which could reveal quite useful to create such a dashboard: https://splunkbase.splunk.com/app/1741/

0 Karma
Reply

duraij
Explorer
‎01-28-2017 11:36 AM

Were you able to achieve this I am trying to do the same thing.Please let me know

0 Karma
Reply

yoho
Contributor
‎01-23-2014 06:18 AM

Me too. I think it's not very trivial given the visualization tools of splunk. In the end, it comes down to making the timechart of a field whose value is 1 when your process is up and 0 when it's down. I'm also trying to make a chart similar to this one (well, less elaborate): http://www.bootchart.org/images/bootchart.png

0 Karma
Reply

adrianfowler
New Member
‎12-12-2013 01:56 AM

Did you have success with this? As I am trying to do the same thing!

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Index This | What travels the world but is also stuck in place?

April 2026 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Realizing the full potential of your Splunk investment requires more than just understanding current usage; it ...

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

As data volumes continue to grow and environments become more distributed, managing and optimizing data ...