Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Creating a Data Table from CSV
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ezajac
Path Finder
09-07-2012
06:14 AM
I am new to Splunk and only really understand the STATS Functions.
I have some CSV files that contain the fields that contain average response times for some testing that is performed monthly. ("Date", "OperationName", "Duration", "When")
This is the function I am running and each line only has one line so this kind of works for what I want to present in Splunk. Is there a better way to do this?
index="perf_results" | stats avg(Duration) as Duration by OperationName, When
What is getting returned looks like this
OperationName When Duration
Event 1 May 165
Event 1 June 168
Event 1 July 110
Event 1 August 114
Event 2 May 686
Event 2 June 885
Event 2 July 777
Event 2 August 600
What I would like is a report that presents information like this:
OperationName May June July August
Event 1 165 168 110 114
Event 2 686 885 777 600
Event 3 1000 1004 1100 1000
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kristian_kolb
Ultra Champion
09-07-2012
06:44 AM
Try chart instead of stats;
... | chart avg(Duration) AS Duration over OperationName by When
Hope this helps,
Kristian
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kristian_kolb
Ultra Champion
09-07-2012
06:44 AM
Try chart instead of stats;
... | chart avg(Duration) AS Duration over OperationName by When
Hope this helps,
Kristian
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kristian_kolb
Ultra Champion
09-10-2012
11:06 AM
While your soul is withering away at the slot machines, doused in cheap liquor - just think of all the fun I'll have with my Karma points.
😉
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Drainy
Champion
09-10-2012
08:24 AM
Glad to see you take your win in your stride 😄
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kristian_kolb
Ultra Champion
09-10-2012
12:28 AM
HAHA, .conf starts today, and you've been found wanting....
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Drainy
Champion
09-07-2012
08:22 AM
Just to voice that this is the best answer, I cannot upvote it for political reasons 😉
Get Updates on the Splunk Community!
Good Sourcetype Naming
When it comes to getting data in, one of the earliest decisions made is what to use as a sourcetype. Often, ...
See your relevant APM services, dashboards, and alerts in one place with the updated ...
As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...
Splunk App for Anomaly Detection End of Life Announcement
Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...
