Splunk Search

How to create a dashboard to show how many events took 4 seconds, 5 seconds, 7 seconds, etc. from my sample log data?

Path Finder

Hi,

I need help to create a dashboard for the below logs. If we look into the below query, we can see that the SQL query took 5 seconds, 4 seconds, 7 seconds. I want to create a single dashboard which should show how many events took 4 seconds, 5 seconds, 7 seconds, etc. Please help me on this one.

2:16:12.759 PM  
29190/-305140880 WRK:TS42CLEA02_F010D210_P5841202   Wed Jul 22 14:16:12.759268  dbperfrq.c770
    doQueryDiagnostics: The following SQL query took 5 seconds which is equal to or greater than QueryExecutionTimeThreshold
7/18/15 
10:15:04.328 PM 
15498/-143431984 MAIN_THREAD                        Sat Jul 18 22:15:04.328490  dbperfrq.c770
    doQueryDiagnostics: The following SQL query took 4 seconds which is equal to or greater than QueryExecutionTimeThreshold
7/17/15 
7:34:10.839 AM  
25047/-295699600 WRK:TS00TSTR02_E755D828_P42101     Fri Jul 17 07:34:10.839249  dbperfrq.c770
    doQueryDiagnostics: The following SQL query took 7 seconds which is equal to or greater than QueryExecutionTimeThreshold.
0 Karma
1 Solution

Champion

To get the time mentioned in the log, you could use rex (or create a field extraction based on the same regular expression) and do a simple count by that number:

your_search | rex "SQL\squery\stook\s(?<QueryExecutionTime>\d+)\sseconds" | stats count by QueryExecutionTime
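
Added example, not part of the original answer: a Python check of the same regular expression against the sample events from the question, counting events per extracted value the way `stats count by QueryExecutionTime` does. The second 5-second event, the 12-second event and the non-matching event are constructed, and the function name `count_by_query_time` is hypothetical.

```python
import re
from collections import Counter

# Same pattern as the rex in the answer. Python spells a named group
# (?P<name>...), where Splunk's rex uses (?<name>...).
QUERY_TIME = re.compile(r"SQL\squery\stook\s(?P<QueryExecutionTime>\d+)\sseconds")

TAIL = " seconds which is equal to or greater than QueryExecutionTimeThreshold"
SAMPLE_EVENTS = [
    # The three events pasted in the question (two lines each).
    "29190/-305140880 WRK:TS42CLEA02_F010D210_P5841202   Wed Jul 22 14:16:12.759268  dbperfrq.c770\n"
    "    doQueryDiagnostics: The following SQL query took 5" + TAIL,
    "15498/-143431984 MAIN_THREAD                        Sat Jul 18 22:15:04.328490  dbperfrq.c770\n"
    "    doQueryDiagnostics: The following SQL query took 4" + TAIL,
    "25047/-295699600 WRK:TS00TSTR02_E755D828_P42101     Fri Jul 17 07:34:10.839249  dbperfrq.c770\n"
    "    doQueryDiagnostics: The following SQL query took 7" + TAIL + ".",
    # Constructed events: a repeated value, a two-digit value, and a non-match.
    "    doQueryDiagnostics: The following SQL query took 5" + TAIL,
    "    doQueryDiagnostics: The following SQL query took 12" + TAIL,
    "    doQueryDiagnostics: query finished below the threshold",
]


def count_by_query_time(events):
    """Return {seconds: number of events}, ordered by seconds as a number."""
    counts = Counter()
    for event in events:
        match = QUERY_TIME.search(event)
        if match is None:
            # No extraction: the field is absent, so the event falls out of
            # a count grouped by that field.
            continue
        # Convert to int so that 12 sorts after 7 rather than before 4.
        counts[int(match.group("QueryExecutionTime"))] += 1
    return dict(sorted(counts.items()))


if __name__ == "__main__":
    for seconds, events in count_by_query_time(SAMPLE_EVENTS).items():
        print(f"{seconds:>3} s  {events} event(s)")
```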

Path Finder

Thank you Jeff!! It worked.

0 Karma