Solved: Creating a render time field

lifetech · ‎02-27-2012

Hi, was wondering if what I am trying to do is possible. I have a program that spits out the amount of time it takes to render a webpage that looks like:

HWFastProductDetailAjax took 345ms

I have no problems creating a field that gets the 345 time out, however within the log I also get:

SavePickupOptions took 1m, 78s, 540ms

With the field I created, it only see's the 1 which is inaccurate. What I would like to accomplish is if the took LIKE *m, *s, *ms then make the field something like (($s * 1000) + $ms) where $s would be seconds and $ms is milliseconds.

gkanapathy · ‎02-27-2012

No, but you can extract the minutes and seconds fields separately, then simply apply eval:

... | eval t_ms=(m*60000)+(s*1000)+ms

And then do whatever else you wanted:

...  |  eval t_ms=(m*60000)+(s*1000)+ms | stats avg(t_ms) by method_name

... SavePickOptions AND host=blah  |  eval t_ms=(m*60000)+(s*1000)+ms | where t_ms > 7000

View solution in original post

gkanapathy · ‎02-27-2012

No, but you can extract the minutes and seconds fields separately, then simply apply eval:

... | eval t_ms=(m*60000)+(s*1000)+ms

And then do whatever else you wanted:

...  |  eval t_ms=(m*60000)+(s*1000)+ms | stats avg(t_ms) by method_name

... SavePickOptions AND host=blah  |  eval t_ms=(m*60000)+(s*1000)+ms | where t_ms > 7000

Creating a render time field

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Event Series: Telemetry Pipeline Management

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

Join the Conversation