Solved: Creating a render time field

lifetech · ‎02-27-2012

Hi, was wondering if what I am trying to do is possible. I have a program that spits out the amount of time it takes to render a webpage that looks like:

HWFastProductDetailAjax took 345ms

I have no problems creating a field that gets the 345 time out, however within the log I also get:

SavePickupOptions took 1m, 78s, 540ms

With the field I created, it only see's the 1 which is inaccurate. What I would like to accomplish is if the took LIKE *m, *s, *ms then make the field something like (($s * 1000) + $ms) where $s would be seconds and $ms is milliseconds.

gkanapathy · ‎02-27-2012

No, but you can extract the minutes and seconds fields separately, then simply apply eval:

... | eval t_ms=(m*60000)+(s*1000)+ms

And then do whatever else you wanted:

...  |  eval t_ms=(m*60000)+(s*1000)+ms | stats avg(t_ms) by method_name

... SavePickOptions AND host=blah  |  eval t_ms=(m*60000)+(s*1000)+ms | where t_ms > 7000

View solution in original post

gkanapathy · ‎02-27-2012

No, but you can extract the minutes and seconds fields separately, then simply apply eval:

... | eval t_ms=(m*60000)+(s*1000)+ms

And then do whatever else you wanted:

...  |  eval t_ms=(m*60000)+(s*1000)+ms | stats avg(t_ms) by method_name

... SavePickOptions AND host=blah  |  eval t_ms=(m*60000)+(s*1000)+ms | where t_ms > 7000

Creating a render time field

The OpenTelemetry Certified Associate (OTCA) Exam

From Manual to Agentic: Level Up Your SOC at Cisco Live

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)

Join the Conversation

Creating a render time field

The OpenTelemetry Certified Associate (OTCA) Exam

From Manual to Agentic: Level Up Your SOC at Cisco Live

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 4)