How to create a table that displays Request IDs an...

girishgene07 · ‎10-10-2016

MESSAGE [Slow script time: Time=9.11s - Request ID=bed_get_organization_list_b]

From the one of the log message above.

I am trying to extract and bring up a table for displaying top 10 Request ID's which has Time greater than 10minutes

my search:

index=sample Slow script time: Time>=600s AND Request ID="*" | top limit=10 ID.

I am not getting exact results of the Request Id which are >600s.
I wanted to display Request ID and Time value as columns in a table. currently I am able to bring up only Request ID and count.

Requesting any guidance or assistance.
Thank you!

somesoni2 · ‎10-10-2016

Try like this

 index=sample Slow script time: Request ID="*" | convert num(Time) | where Time>600 | top limit=10 ID

sundareshr · ‎10-10-2016

Try this

index=sample "Slow script time" | convert num(Time) as dur | sort 10 - dur | table _time "Request ID" Time

girishgene07 · ‎10-12-2016

!ENTRY com.cerner.system.enterprise.client.ScriptCall 2 0 2016-10-11 13:38:25.374
!MESSAGE [Slow script time: Time=82.65s - Request ID=bed_get_org_dup_ind]

Thank you for the response Sundaresh, I am now able to see the Time but the query is not listing the Request ID name. (ex- bed_get_org_dup_ind)

_time Request ID Time
2016-10-11 13:38:25.374 82.65s
2016-10-11 10:13:14.064 68.62s
2016-10-11 16:33:46.937 63.74s
2016-10-07 10:06:25.161 61.4s

How to create a table that displays Request IDs and Time as columns?

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor