Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can you help me get a number value and average it?

orchapellico
Explorer
‎02-10-2019 09:45 AM

I am trying to get a value, in this case it is the # of seconds to respond, so that I can graph it or set alerts to it. Below are the log entries I am dealing with.

STATUS | wrapper  | main    | 2019/02/10 10:38:08.885 | Pinging the JVM took 5 seconds to respond.

So I need help pulling the number and the search for being able to graph this per a host.

0 Karma
Reply

woodcock
Esteemed Legend
‎02-12-2019 12:06 AM

Like this:

index=YouShouldAlwaysSpecifyAnIndex AND sourcetype=AndSourcetypeToo
| rex "took\s+(?<responseSeconds>\d+)\s+seconds"
| timechart avg(responseSeconds) BY host
0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎02-10-2019 10:54 AM

Assuming your log format is consistent, this will do the trick 

index=... sourcetype=...
| rex JVM\s\took\s(?<jvm_duration>\d+)\sseconds
| timechart avg(jvm_duration) AS jvm_duration by host
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...