How to create a table that displays Request IDs an...

girishgene07 · ‎10-10-2016

MESSAGE [Slow script time: Time=9.11s - Request ID=bed_get_organization_list_b]

From the one of the log message above.

I am trying to extract and bring up a table for displaying top 10 Request ID's which has Time greater than 10minutes

my search:

index=sample Slow script time: Time>=600s AND Request ID="*" | top limit=10 ID.

I am not getting exact results of the Request Id which are >600s.
I wanted to display Request ID and Time value as columns in a table. currently I am able to bring up only Request ID and count.

Requesting any guidance or assistance.
Thank you!

somesoni2 · ‎10-10-2016

Try like this

 index=sample Slow script time: Request ID="*" | convert num(Time) | where Time>600 | top limit=10 ID

sundareshr · ‎10-10-2016

Try this

index=sample "Slow script time" | convert num(Time) as dur | sort 10 - dur | table _time "Request ID" Time

girishgene07 · ‎10-12-2016

!ENTRY com.cerner.system.enterprise.client.ScriptCall 2 0 2016-10-11 13:38:25.374
!MESSAGE [Slow script time: Time=82.65s - Request ID=bed_get_org_dup_ind]

Thank you for the response Sundaresh, I am now able to see the Time but the query is not listing the Request ID name. (ex- bed_get_org_dup_ind)

_time Request ID Time
2016-10-11 13:38:25.374 82.65s
2016-10-11 10:13:14.064 68.62s
2016-10-11 16:33:46.937 63.74s
2016-10-07 10:06:25.161 61.4s

How to create a table that displays Request IDs and Time as columns?

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

What’s New in Splunk Cloud Platform 9.1.2308?