Solved: Re: Display date on X axis

clementros · ‎11-27-2019

Hi all,

I'm trying to generate a timechart wich expose execution duration of a file. I almost succeed but i'm not able to generate an X axis with tiimestamp visible. Is it possible ?

index="saplogs" sourcetype=SAPCARBOOKING source="CARBOOKING.*.log" 
| stats min(_time) as start max(_time) as end by source 
| eval duration=end-start 
| eval start=strftime(start, "%Y-%m-%d %H:%M:%S") 
| eval end=strftime(end, "%Y-%m-%d %H:%M:%S") 
| stats avg(duration) as Duration by end, source 
| rename end as "End of processing date"

In stats line i sort by end date and source. Because i want to see the source concerned by the duration field.

Thank you for your help.

arjunpkishore5 · ‎11-27-2019

Use end as the time field and then use a timechart.

index="saplogs" sourcetype=SAPCARBOOKING source="CARBOOKING.*.log" 
 | stats min(_time) as start max(_time) as end by source 
 | eval duration=end-start 
 | eval _time=end
 | timechart avg(duration) as Duration by  source

View solution in original post

arjunpkishore5 · ‎11-27-2019

Use end as the time field and then use a timechart.

index="saplogs" sourcetype=SAPCARBOOKING source="CARBOOKING.*.log" 
 | stats min(_time) as start max(_time) as end by source 
 | eval duration=end-start 
 | eval _time=end
 | timechart avg(duration) as Duration by  source

Display date on X axis

Application management with Targeted Application Install for Victoria Experience

Index This | What goes up and never comes down?

Splunkers, Pack Your Bags: Why Cisco Live EMEA is Your Next Big Destination

Join the Conversation

Display date on X axis

Application management with Targeted Application Install for Victoria Experience

Index This | What goes up and never comes down?

Splunkers, Pack Your Bags: Why Cisco Live EMEA is Your Next Big Destination