Dashboards & Visualizations

create table

swetasoneji
New Member

462 <14>1 2019-03-26T10:45:33.423222+00:00 loggregator ae04d9d7-5ec4-4acd-a954-63c2e3733691 [APP/PROC/WEB] - - 2019-03-26 10:45:33.422+0000 org{am_sp} [log_from=ReportService] [thread=http-nio-8080-exec-8 ] INFO c.j.i.s.p.providers.PrismReportProvider [user=I298611] [swagger-d83e2a40-4fad-11e9-9d7a-6bf144a5c99d] [POST /api/v1/ts/collect/range] <-- Loaded Pri Report MAS/SRS - Time Series (EMEA-NOSPLIT)/72022/2019-03-15 (took 00:00:25.864)

I would like to put "took" values in table

index=am_sp log_from=ReportService "Loaded Pri Report"

Tags (1)
0 Karma
1 Solution

lakshman239
SplunkTrust
SplunkTrust

You would need a regex to extract it and then use it in table

index=am_sp log_from=ReportService "Loaded Pri Report"   | rex field=_raw "took(\s+(?<time_taken>[0-9:.]+))" | table _time, time_taken

https://regex101.com/r/lcAZF0/1

View solution in original post

0 Karma

lakshman239
SplunkTrust
SplunkTrust

You would need a regex to extract it and then use it in table

index=am_sp log_from=ReportService "Loaded Pri Report"   | rex field=_raw "took(\s+(?<time_taken>[0-9:.]+))" | table _time, time_taken

https://regex101.com/r/lcAZF0/1

0 Karma

swetasoneji
New Member

How to put that in graph

0 Karma

lakshman239
SplunkTrust
SplunkTrust

one way to get that in timechart is

 index=am_sp log_from=ReportService "Loaded Pri Report"   | rex field=_raw "took(\s+(?<time_taken>[0-9:.]+))" | timechart avg(time_taken) by host

Pls refer to the doc to change the reports/dashboards as you need.

https://docs.splunk.com/Documentation/SplunkCloud/7.2.3/SearchTutorial/Aboutsavingandsharingreports

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...