Archive
Highlighted

Can you help me get a number value and average it?

Explorer

I am trying to get a value, in this case it is the # of seconds to respond, so that I can graph it or set alerts to it. Below are the log entries I am dealing with.

STATUS | wrapper  | main    | 2019/02/10 10:38:08.885 | Pinging the JVM took 5 seconds to respond.

So I need help pulling the number and the search for being able to graph this per a host.

0 Karma
Highlighted

Re: Can you help me get a number value and average it?

SplunkTrust
SplunkTrust

Assuming your log format is consistent, this will do the trick

index=... sourcetype=...
| rex JVM\s\took\s(?<jvm_duration>\d+)\sseconds
| timechart avg(jvm_duration) AS jvm_duration by host
Highlighted

Re: Can you help me get a number value and average it?

Esteemed Legend

Like this:

index=YouShouldAlwaysSpecifyAnIndex AND sourcetype=AndSourcetypeToo
| rex "took\s+(?<responseSeconds>\d+)\s+seconds"
| timechart avg(responseSeconds) BY host
0 Karma