Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Highlighted

How to create a timechart with actual values (NOT aggregation)

chandukreddi
Explorer
‎03-26-2020 10:03 AM

Hello Team,

from below words I would like to get only value 497 and that has to be timechart with actual value, how do I do that?

G1 Young Generation GC in 497ms.

Log print:

WARN [Service Thread] 2020-03-26 16:45:30,391 GCInspector.java:282 - G1 Young Generation GC in 497ms. G1 Eden Space: 683671552 -> 0; G1 Old Gen: 2290144840 -> 2009072128; G1 Survivor Space: 67108864 -> 62914560;

0 Karma
Reply
Highlighted

Re: How to create a timechart with actual values (NOT aggregation)

richgalloway
SplunkTrust
SplunkTrust
‎03-26-2020 10:30 AM

Extract the value using rex.

... | rex "GC in (?<GCtime>\d+)"

Use the values function to display all GCtime values that were seen in the given interval.

... | timechart span=1s values(GCtime) as GCtime by host
---
If this reply helps you, an upvote would be appreciated.
0 Karma
Reply

Re: How to create a timechart with actual values (NOT aggregation)

chandukreddi
Explorer
‎03-26-2020 11:58 AM

great it works!

But we have multiple hosts, so I would like to get individual line per Host. can you please help me?

0 Karma
Reply
Highlighted

Re: How to create a timechart with actual values (NOT aggregation)

richgalloway
SplunkTrust
SplunkTrust
‎03-26-2020 05:27 PM

See the updated answer.

---
If this reply helps you, an upvote would be appreciated.
0 Karma
Reply