Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to set a standard set for span values

psmp
Explorer
‎12-02-2021 02:15 PM

I have a dhasboard which should show buckets with number of machines by span of time. 

Machine A to F is used for 2 mins

Machines D-T was used for 2hrs

Machine s-Z was used for more than 4hrs

So my graph should show the buckets with time range as a standard set. 

XAxis

<5 mins,

5-30mins

30min - 2hrs

2-4hrs

 > 4hrs

YAxis 

No of machines logged on for <2mins

No of machines logged on for 5-30mins 

and so on.

Logon TimeLogoff TimeMachineNameSessionTimeinMins
12/1/2021 19:3312/1/2021 19:36A3
12/1/2021 16:4612/1/2021 17:04B18
12/1/2021 15:3512/1/2021 15:38C3
12/1/2021 11:3512/1/2021 11:38D120
12/1/2021 16:3512/1/2021 21:35E300

 

Base Search | bucket SessionTimeinMins span=20 | chart count(MachineName) by sessionSpan

But this do not help in achieving what i wanted. Any help is much appreciated.  Ho do I set my X-Axis to show standard buckets like <2min, 30-1h and bring the count into this bucket. 

 

Thanks

 

 

Labels (3)
Labels
0 Karma
Reply

psmp
Explorer
‎12-02-2021 03:37 PM

Thank you @ITWhisperer 

How can I match the events that fall under this buckets?  

like Machine A-X will fall under 5-30min as they all have session times in that timerange. 

Thanks for your time and help.

0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎12-02-2021 03:43 PM

Do you mean something like this?

| stats values(MachineName) as MachineName by sessionSpan
0 Karma
Reply

ITWhisperer
SplunkTrust
SplunkTrust
‎12-02-2021 03:01 PM 
| eval sessionSpan=case(SessionTimeInMins<5,"5 mins",SessionTimeInMins<30,"5-30mins",SessionTimeInMins<120,"30min - 2hrs",SessionTimeInMins<240,"2-4hrs",1==1,"> 4hrs")
0 Karma
Reply
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

This challenge was first posted on Slack #puzzles channelFor a previous puzzle, I needed a set of fixed-length ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  &#x1f680; Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...