Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to visually represent Session Creation trend across load balanced Java Virtual Machines (JVMs)?

psteja
Engager
‎12-13-2016 08:07 AM

Splunk newbie here trying to get a nice line graph showing the session creation pattern over a period of time:

.....|table sessionNum source _time |????????

Not sure what to put there so I get different colored lines one for each source, with NumberOfSessions per source over the time period. Thank you.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

twinspop
Influencer
‎12-13-2016 08:19 AM

This will first get the earliest time a particular sessionNum was seen. Then it will chart the count of sessionNums over time by source.

... | stats min(_time) as _time by sessionNum, source | timechart count by source

EDIT: Based on comment below:

... | timechart sum(sessionNum) by source

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

twinspop
Influencer
‎12-13-2016 08:19 AM

This will first get the earliest time a particular sessionNum was seen. Then it will chart the count of sessionNums over time by source.

... | stats min(_time) as _time by sessionNum, source | timechart count by source

EDIT: Based on comment below:

... | timechart sum(sessionNum) by source
0 Karma
Reply
Solved! Jump to solution

psteja
Engager
‎12-13-2016 10:25 AM

Almost 🙂 In my case I shouldn't sum, I need to take max/min/avg to get the rough number of active sessions per source. thank you.

0 Karma
Reply
Solved! Jump to solution

psteja
Engager
‎12-13-2016 08:24 AM

I guess I am not clear enough. my sessionNUm =Total number of sessions at that particular time on that source. So I can not 'count' again. my 'event' already has the sessionCount. Hope I am making sense. So for a given source , I can have sessionNum 10,11,12,13,12,11,12,13,14,.... etc. And I want to represent it visually

0 Karma
Reply
Solved! Jump to solution

twinspop
Influencer
‎12-13-2016 08:28 AM

See edit above

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎12-13-2016 08:17 AM

Hi psteja,
if you want to draw a graphic, you cannot use the table command, but you have to use a statistical command like stats, charts or timechart.
so you could use:

your_search |timechart count by sessionNum

to have a time distribution of your events
Bye.
Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...

Wednesday, May 29, 2024  |  11AM PST / 2PM ESTRegister now and join us to learn more about how you can ...

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...