Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Hourly count of a string with min, max, and avg of time taken in 0.000 sec

runiyal
Path Finder
‎10-23-2015 11:01 AM

In my log file, I have lot of messages saying upload or search got completed in x seconds. Like -

Search Completed successfully in 0.698 seconds
Upload Completed successfully in 2.529 seconds

We need a report that tells us the total count on hourly basis but with it it should also calculate Min/Max/Avg time (second) spent for in each of that operation. Result should be like -

Activity Count Min Max Avg
Upload

Search

Tags (2)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-23-2015 11:49 AM

Assuming you have no existing extractions, something like this should get you started.

index = foo | rex "(?P<Activity>\w+) Completed successfully in (?P<secs>\d+\.\d+) seconds" | stats count(secs) as Count min(secs) as Min max(secs) as Max avg(secs) as Avg by Activity | table Activity Count Min Max Avg
---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...