Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Creating a render time field

lifetech
New Member
‎02-27-2012 04:08 PM

Hi, was wondering if what I am trying to do is possible. I have a program that spits out the amount of time it takes to render a webpage that looks like:

HWFastProductDetailAjax took 345ms

I have no problems creating a field that gets the 345 time out, however within the log I also get:

SavePickupOptions took 1m, 78s, 540ms

With the field I created, it only see's the 1 which is inaccurate. What I would like to accomplish is if the took LIKE *m, *s, *ms then make the field something like (($s * 1000) + $ms) where $s would be seconds and $ms is milliseconds.

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎02-27-2012 05:16 PM

No, but you can extract the minutes and seconds fields separately, then simply apply eval:

... | eval t_ms=(m*60000)+(s*1000)+ms

And then do whatever else you wanted:

...  |  eval t_ms=(m*60000)+(s*1000)+ms | stats avg(t_ms) by method_name

... SavePickOptions AND host=blah  |  eval t_ms=(m*60000)+(s*1000)+ms | where t_ms > 7000

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

gkanapathy
Splunk Employee
Splunk Employee
‎02-27-2012 05:16 PM

No, but you can extract the minutes and seconds fields separately, then simply apply eval:

... | eval t_ms=(m*60000)+(s*1000)+ms

And then do whatever else you wanted:

...  |  eval t_ms=(m*60000)+(s*1000)+ms | stats avg(t_ms) by method_name

... SavePickOptions AND host=blah  |  eval t_ms=(m*60000)+(s*1000)+ms | where t_ms > 7000
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

In today’s data-heavy environment, organizations are caught in a data distribution dilemma. As data volumes ...

GA: New Data Management App in Splunk Platform

Streamlining Data Management: Introducing a unified experience in Splunk Managing data at scale shouldn’t feel ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...