How do I extract the string which contains time fr...

janibhasha · ‎12-02-2016

I have data like below which contains time taken for service call in regular string format.

Sample Data :

Time Taken[0.122381]
Time Taken[0.122381]
Time Taken[0.122381]

How can i extract

Thanks in advance

gokadroid · ‎12-02-2016

you can try this assuming this data is in seconds.

your query to return events
| rex "(?<pre>[^\[]+)\[(?<number>[^\]]+)\]"
| eval millis=tonumber(number)*1000
| timechart avg(millis)

Use avg(millis), max(millis) or min(millis) depending on what you want to chart. If you just want to tabulate it use |table millis

Richfez · ‎12-02-2016

Or even all of the above:

... | timechart max(millis), avg(millis), min(millis)

Then your visualization should have all three.

And if you'd like to rename them use AS:

... | timechart max(millis) AS Max, avg(millis) AS Average, min(millis) AS Min

Happy Splunking!
-Rich

How do I extract the string which contains time from my data, convert it to milliseconds, and display in a chart?