Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Creating a Tabular report

runiyal
Path Finder
‎08-18-2016 08:00 AM

I have following output in the logfile -

The service /app/service/upload succeeded in 1.264000 seconds, Request: {usertext=userText, date=2016-08-03, uploadedBy=appuser, usertext=userText, location=c:\store\abc.pdf, system=App1, envName=local, folderNumber=test12345, uploadedDate=2016-08-02}, Response: {UUID=5b626db2-1e9e-4a6b-b4a7-6f91e45111b4, MIMETYPE=application/pdf, SIZE=65.0615234375 KB, DBID=156251}

Need to have a report like this -

                Total   Response Time (Sec) Size of Document (KB)
Application Uploads Min Max Avg   Min   Max Avg
App1             1000    .5 11.5    1.5   20    2150    80  
App2             500       1     20   2    50   3750    100 
App3             5500    .2  7.5     1     10   1750    50

Can you gurus help in creating a script for such outputs?

Tags (1)
0 Karma
Reply

runiyal
Path Finder
‎08-29-2016 06:44 AM

Thanks a lot Rich. Works like a charm!

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-18-2016 10:02 AM

This should get you started.

index=foo | rex "in (?<respTime>\d+\.\d+) seconds.*system=(?<Application>[^,]+).*SIZE=(?<sizeKB>\d+\.\d+)" | stats count as TotalUploads min(respTime) as MinRespTime max(respTime) as MaxRespTime avg(respTime) as AvgRespTime min(sizeKB) as MinSize max(sizeKB) as MaxSize avg(sizeKB) as AvgSize by Application
---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...

Auto-Injector for Everything Else: Making OpenTelemetry Truly Universal

You might have seen Splunk’s recent announcement about donating the OpenTelemetry Injector to the ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...