Creating a Tabular report

runiyal · ‎08-18-2016

I have following output in the logfile -

The service /app/service/upload succeeded in 1.264000 seconds, Request: {usertext=userText, date=2016-08-03, uploadedBy=appuser, usertext=userText, location=c:\store\abc.pdf, system=App1, envName=local, folderNumber=test12345, uploadedDate=2016-08-02}, Response: {UUID=5b626db2-1e9e-4a6b-b4a7-6f91e45111b4, MIMETYPE=application/pdf, SIZE=65.0615234375 KB, DBID=156251}

Need to have a report like this -

                Total   Response Time (Sec) Size of Document (KB)
Application Uploads Min Max Avg   Min   Max Avg
App1             1000    .5 11.5    1.5   20    2150    80  
App2             500       1     20   2    50   3750    100 
App3             5500    .2  7.5     1     10   1750    50

Can you gurus help in creating a script for such outputs?

runiyal · ‎08-29-2016

Thanks a lot Rich. Works like a charm!

richgalloway · ‎08-18-2016

This should get you started.

index=foo | rex "in (?<respTime>\d+\.\d+) seconds.*system=(?<Application>[^,]+).*SIZE=(?<sizeKB>\d+\.\d+)" | stats count as TotalUploads min(respTime) as MinRespTime max(respTime) as MaxRespTime avg(respTime) as AvgRespTime min(sizeKB) as MinSize max(sizeKB) as MaxSize avg(sizeKB) as AvgSize by Application

---
If this reply helps you, Karma would be appreciated.

Creating a Tabular report

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...