How to create a table that displays Request IDs an...

girishgene07 · ‎10-10-2016

MESSAGE [Slow script time: Time=9.11s - Request ID=bed_get_organization_list_b]

From the one of the log message above.

I am trying to extract and bring up a table for displaying top 10 Request ID's which has Time greater than 10minutes

my search:

index=sample Slow script time: Time>=600s AND Request ID="*" | top limit=10 ID.

I am not getting exact results of the Request Id which are >600s.
I wanted to display Request ID and Time value as columns in a table. currently I am able to bring up only Request ID and count.

Requesting any guidance or assistance.
Thank you!

somesoni2 · ‎10-10-2016

Try like this

 index=sample Slow script time: Request ID="*" | convert num(Time) | where Time>600 | top limit=10 ID

sundareshr · ‎10-10-2016

Try this

index=sample "Slow script time" | convert num(Time) as dur | sort 10 - dur | table _time "Request ID" Time

girishgene07 · ‎10-12-2016

!ENTRY com.cerner.system.enterprise.client.ScriptCall 2 0 2016-10-11 13:38:25.374
!MESSAGE [Slow script time: Time=82.65s - Request ID=bed_get_org_dup_ind]

Thank you for the response Sundaresh, I am now able to see the Time but the query is not listing the Request ID name. (ex- bed_get_org_dup_ind)

_time Request ID Time
2016-10-11 13:38:25.374 82.65s
2016-10-11 10:13:14.064 68.62s
2016-10-11 16:33:46.937 63.74s
2016-10-07 10:06:25.161 61.4s

How to create a table that displays Request IDs and Time as columns?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Index This | What travels the world but is also stuck in place?

Discover New Use Cases: Unlock Greater Value from Your Existing Splunk Data

Continue Your Journey: Join Session 2 of the Data Management and Federation Bootcamp ...

Join the Conversation