Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Calculate average, min, max time in ms based on string in event log

rajnsoni92
Explorer
‎11-08-2023 04:48 AM

I am a beginner in Splunk queries. I might would be asking for some simple query but I am not able to construct it after searching a lot. Below is my sample event from message field 

 

REPORT RequestId: 288f34e9-5572-4816-d21e-9fcf5965fad0 Duration: 206.64 ms ..

 

I can get all events matching this criteria, but I want to do average, min and max of value present in duration in millisecond. Any help on this would be appreciated.

Labels (4)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎11-08-2023 04:58 AM 
| rex "Duration: (?<duration>[\d\.]+) ms"
| stats avg(duration) as avg min(duration) as min max(duration) as max

View solution in original post

Reply
Solved! Jump to solution

rajnsoni92
Explorer
‎11-08-2023 05:43 AM

Thanks @ITWhisperer it worked 🙂

0 Karma
Reply
Solved! Jump to solution
Solution

ITWhisperer
SplunkTrust
SplunkTrust
‎11-08-2023 04:58 AM 
| rex "Duration: (?<duration>[\d\.]+) ms"
| stats avg(duration) as avg min(duration) as min max(duration) as max
Reply
Get Updates on the Splunk Community!

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

We’ve been buzzing with excitement about the recent validation of Splunk Education! The 2024 Splunk Career ...

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...