Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can you help me get a number value and average it?

orchapellico
Explorer
‎02-10-2019 09:45 AM

I am trying to get a value, in this case it is the # of seconds to respond, so that I can graph it or set alerts to it. Below are the log entries I am dealing with.

STATUS | wrapper  | main    | 2019/02/10 10:38:08.885 | Pinging the JVM took 5 seconds to respond.

So I need help pulling the number and the search for being able to graph this per a host.

0 Karma
Reply

woodcock
Esteemed Legend
‎02-12-2019 12:06 AM

Like this:

index=YouShouldAlwaysSpecifyAnIndex AND sourcetype=AndSourcetypeToo
| rex "took\s+(?<responseSeconds>\d+)\s+seconds"
| timechart avg(responseSeconds) BY host
0 Karma
Reply

skoelpin
SplunkTrust
SplunkTrust
‎02-10-2019 10:54 AM

Assuming your log format is consistent, this will do the trick 

index=... sourcetype=...
| rex JVM\s\took\s(?<jvm_duration>\d+)\sseconds
| timechart avg(jvm_duration) AS jvm_duration by host
Reply
Get Updates on the Splunk Community!

Modern way of developing distributed application using OTel

Recently, I had the opportunity to work on a complex microservice using Spring boot and Quarkus to develop a ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had 3 releases of new security content via the Enterprise Security ...

Archived Metrics Now Available for APAC and EMEA realms

We’re excited to announce the launch of Archived Metrics in Splunk Infrastructure Monitoring for our customers ...