Solved: Re: Display date on X axis

clementros · ‎11-27-2019

Hi all,

I'm trying to generate a timechart wich expose execution duration of a file. I almost succeed but i'm not able to generate an X axis with tiimestamp visible. Is it possible ?

index="saplogs" sourcetype=SAPCARBOOKING source="CARBOOKING.*.log" 
| stats min(_time) as start max(_time) as end by source 
| eval duration=end-start 
| eval start=strftime(start, "%Y-%m-%d %H:%M:%S") 
| eval end=strftime(end, "%Y-%m-%d %H:%M:%S") 
| stats avg(duration) as Duration by end, source 
| rename end as "End of processing date"

In stats line i sort by end date and source. Because i want to see the source concerned by the duration field.

Thank you for your help.

arjunpkishore5 · ‎11-27-2019

Use end as the time field and then use a timechart.

index="saplogs" sourcetype=SAPCARBOOKING source="CARBOOKING.*.log" 
 | stats min(_time) as start max(_time) as end by source 
 | eval duration=end-start 
 | eval _time=end
 | timechart avg(duration) as Duration by  source

View solution in original post

arjunpkishore5 · ‎11-27-2019

Use end as the time field and then use a timechart.

index="saplogs" sourcetype=SAPCARBOOKING source="CARBOOKING.*.log" 
 | stats min(_time) as start max(_time) as end by source 
 | eval duration=end-start 
 | eval _time=end
 | timechart avg(duration) as Duration by  source

Display date on X axis

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation