Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to visually represent Session Creation trend across load balanced Java Virtual Machines (JVMs)?

psteja
Engager
‎12-13-2016 08:07 AM

Splunk newbie here trying to get a nice line graph showing the session creation pattern over a period of time:

.....|table sessionNum source _time |????????

Not sure what to put there so I get different colored lines one for each source, with NumberOfSessions per source over the time period. Thank you.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

twinspop
Influencer
‎12-13-2016 08:19 AM

This will first get the earliest time a particular sessionNum was seen. Then it will chart the count of sessionNums over time by source.

... | stats min(_time) as _time by sessionNum, source | timechart count by source

EDIT: Based on comment below:

... | timechart sum(sessionNum) by source

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

twinspop
Influencer
‎12-13-2016 08:19 AM

This will first get the earliest time a particular sessionNum was seen. Then it will chart the count of sessionNums over time by source.

... | stats min(_time) as _time by sessionNum, source | timechart count by source

EDIT: Based on comment below:

... | timechart sum(sessionNum) by source
0 Karma
Reply
Solved! Jump to solution

psteja
Engager
‎12-13-2016 10:25 AM

Almost 🙂 In my case I shouldn't sum, I need to take max/min/avg to get the rough number of active sessions per source. thank you.

0 Karma
Reply
Solved! Jump to solution

psteja
Engager
‎12-13-2016 08:24 AM

I guess I am not clear enough. my sessionNUm =Total number of sessions at that particular time on that source. So I can not 'count' again. my 'event' already has the sessionCount. Hope I am making sense. So for a given source , I can have sessionNum 10,11,12,13,12,11,12,13,14,.... etc. And I want to represent it visually

0 Karma
Reply
Solved! Jump to solution

twinspop
Influencer
‎12-13-2016 08:28 AM

See edit above

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎12-13-2016 08:17 AM

Hi psteja,
if you want to draw a graphic, you cannot use the table command, but you have to use a statistical command like stats, charts or timechart.
so you could use:

your_search |timechart count by sessionNum

to have a time distribution of your events
Bye.
Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...