Join the Conversation
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Creating a Data Table from CSV
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am new to Splunk and only really understand the STATS Functions.
I have some CSV files that contain the fields that contain average response times for some testing that is performed monthly. ("Date", "OperationName", "Duration", "When")
This is the function I am running and each line only has one line so this kind of works for what I want to present in Splunk. Is there a better way to do this?
index="perf_results" | stats avg(Duration) as Duration by OperationName, When
What is getting returned looks like this
OperationName When Duration
Event 1 May 165
Event 1 June 168
Event 1 July 110
Event 1 August 114
Event 2 May 686
Event 2 June 885
Event 2 July 777
Event 2 August 600
What I would like is a report that presents information like this:
OperationName May June July August
Event 1 165 168 110 114
Event 2 686 885 777 600
Event 3 1000 1004 1100 1000
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try chart instead of stats;
... | chart avg(Duration) AS Duration over OperationName by When
Hope this helps,
Kristian
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try chart instead of stats;
... | chart avg(Duration) AS Duration over OperationName by When
Hope this helps,
Kristian
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
While your soul is withering away at the slot machines, doused in cheap liquor - just think of all the fun I'll have with my Karma points.
😉
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Glad to see you take your win in your stride 😄
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HAHA, .conf starts today, and you've been found wanting....
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just to voice that this is the best answer, I cannot upvote it for political reasons 😉
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Mile High Learning with Splunk University, Denver, Colorado
IT Service Intelligence 5.0 Series: Your Guide to the June Launch
Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0
