Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: Event Timechart with event duration
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
lain179
Communicator
03-06-2013
05:00 PM
Hello,
I need help making a graphical presentation of the event happening over time. The X-axis will represent the time, and Y-axis will represent the duration of the event. The event will be marked on the graph as dots or little square boxes. Appreciate any help; I have been scratching my head all day for this...
The log lines look something like:
2013-03-06 21:20:03 Starting Job A . . 2013-03-06 21:44:23 Starting Job B . 2013-03-06 21:45:11 Finished Job A . 2013-03-06 21:55:23 Starting Job C . 2013-03-06 22:01:12 Starting Job D . . 2013-03-06 23:11:36 Finished Job B . 2013-03-06 23:25:01 Finished Job D . . 2013-03-07 00:00:56 Finished Job C
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
lain179
Communicator
03-07-2013
09:05 AM
I found the solution myself.
do your seach | transaction JobName | chart values(duration) over _time by JobName
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
gabriel_vasseur
Contributor
03-04-2019
06:57 AM
I came here with a similar question and as the existing answers didn't help me I kept on looking and found the Timeline - Custom Visualization app ( https://splunkbase.splunk.com/app/3120/ ). I haven't played with it yet but I believe it's exactly what I want to achieve. I also think it's a better solution to your problem as it will make it more obvious if you have overlaps between your jobs and you'll be able to visualise how many jobs were running at any given point.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
lain179
Communicator
03-07-2013
09:05 AM
I found the solution myself.
do your seach | transaction JobName | chart values(duration) over _time by JobName
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
giorgio_adami_m
Path Finder
03-07-2013
06:02 AM
I think that "transaction" is the command you're looking for:
http://docs.splunk.com/Documentation/Splunk/5.0.2/SearchReference/Transaction
For example:
search your events | transaction job_field | timechart duration
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
lain179
Communicator
03-07-2013
09:05 AM
That will not give you an idea of which jobs happened when.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
martin_mueller
SplunkTrust
03-07-2013
05:43 AM
What do you want to see in your graphical presentation?
Get Updates on the Splunk Community!
Dashboards: Hiding charts while search is being executed and other uses for tokens
There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...
Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...
This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...
Brains, Bytes, and Boston: Learn from the Best at .conf25
When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
