How to create a table that displays Request IDs an...

girishgene07 · ‎10-10-2016

MESSAGE [Slow script time: Time=9.11s - Request ID=bed_get_organization_list_b]

From the one of the log message above.

I am trying to extract and bring up a table for displaying top 10 Request ID's which has Time greater than 10minutes

my search:

index=sample Slow script time: Time>=600s AND Request ID="*" | top limit=10 ID.

I am not getting exact results of the Request Id which are >600s.
I wanted to display Request ID and Time value as columns in a table. currently I am able to bring up only Request ID and count.

Requesting any guidance or assistance.
Thank you!

somesoni2 · ‎10-10-2016

Try like this

 index=sample Slow script time: Request ID="*" | convert num(Time) | where Time>600 | top limit=10 ID

sundareshr · ‎10-10-2016

Try this

index=sample "Slow script time" | convert num(Time) as dur | sort 10 - dur | table _time "Request ID" Time

girishgene07 · ‎10-12-2016

!ENTRY com.cerner.system.enterprise.client.ScriptCall 2 0 2016-10-11 13:38:25.374
!MESSAGE [Slow script time: Time=82.65s - Request ID=bed_get_org_dup_ind]

Thank you for the response Sundaresh, I am now able to see the Time but the query is not listing the Request ID name. (ex- bed_get_org_dup_ind)

_time Request ID Time
2016-10-11 13:38:25.374 82.65s
2016-10-11 10:13:14.064 68.62s
2016-10-11 16:33:46.937 63.74s
2016-10-07 10:06:25.161 61.4s

How to create a table that displays Request IDs and Time as columns?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

Join the Conversation