Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

同時実行イベント数のタイムチャートの作成方法 How to create a time chart of the number of concurrent events

kyamane2015
New Member
‎09-16-2018 08:38 PM

下記の様なデータの同時実行数の集計を考えています。
CallID,JoinTime,LeaveTime,CallState
146792,2018-08-01 07:59:19,2018-08-01 08:22:11,COMPLETED
146794,2018-08-01 08:00:00,2018-08-01 09:59:00,COMPLETED
146795,2018-08-01 08:00:00,2018-08-01 09:01:21,COMPLETED
146796,2018-08-01 08:00:08,2018-08-01 08:22:08,COMPLETED

・JoinTime 開始時刻
・LeaveTime 終了時刻

開始時刻と終了時刻の間が実行時間で、同時に実行されているイベントの
タイムチャートを作成したいです。

search文を下記の通り、作成していますが、上手くいきません。
(CallState=COMPLETED host="")
| eval duration=LeaveTime-JoinTime
| concurrency duration=duration start=JoinTime
| timechart max(concurrency)

splunk初心者で申し訳ありませんが、ご教示いただけますと助かります。

English translation:

We are planning to calculate the number of concurrent executions of data as shown below.
CallID, JoinTime, LeaveTime, CallState 146792, 2018-08-01
07: 59: 19, 2018-08-01 08: 22: 11, COMPLETED
146794 , 2018-08-01 08: 00: 00,2018-08-01 09: 59: 00, COMPLETED
146795 , 2018 - 08 - 01 08: 00 : 00, 2018 - 08 - 01 09: 01: 21, COMPLETED
146796 , 2018 - 08 - 01 08: 00: 08 , 2018 - 08 - 01 08: 22: 08, COMPLETED

· JoinTime start time
· Leave time end time

It is the execution time between the start time and the end time,
and I want to create a time chart of the events that are being executed at the same time.

I created a search sentence as below, but I am not going.
(CallState = COMPLETED host = "")
| eval duration = LeaveTime - JoinTime
| concurrency duration = duration start = JoinTime
| timechart max (concurrency)

I am sorry by the beginner, but I am saved if you can teach.

0 Karma
Reply

tkomatsubara_sp
Splunk Employee
Splunk Employee
‎09-22-2018 12:45 AM

こんにちは。

Timeline ビジュアライゼーションを使うと、もっと簡単にできます。
ご参考ください。
https://splunkbase.splunk.com/app/3120/

source="call_log.csv" index="call" sourcetype="csv"
|eval LeaveTime_e=strptime(LeaveTime,"%Y-%m-%d %H:%M:%S")
|eval JoinTime_e=strptime(JoinTime,"%Y-%m-%d %H:%M:%S")
|eval duration=LeaveTime_e-JoinTime_e
|eval duration=duration*1000
|table JoinTime_e, CallID, duration, duration
0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...