Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to visually represent Session Creation trend across load balanced Java Virtual Machines (JVMs)?

psteja
Engager
‎12-13-2016 08:07 AM

Splunk newbie here trying to get a nice line graph showing the session creation pattern over a period of time:

.....|table sessionNum source _time |????????

Not sure what to put there so I get different colored lines one for each source, with NumberOfSessions per source over the time period. Thank you.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

twinspop
Influencer
‎12-13-2016 08:19 AM

This will first get the earliest time a particular sessionNum was seen. Then it will chart the count of sessionNums over time by source.

... | stats min(_time) as _time by sessionNum, source | timechart count by source

EDIT: Based on comment below:

... | timechart sum(sessionNum) by source

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

twinspop
Influencer
‎12-13-2016 08:19 AM

This will first get the earliest time a particular sessionNum was seen. Then it will chart the count of sessionNums over time by source.

... | stats min(_time) as _time by sessionNum, source | timechart count by source

EDIT: Based on comment below:

... | timechart sum(sessionNum) by source
0 Karma
Reply
Solved! Jump to solution

psteja
Engager
‎12-13-2016 10:25 AM

Almost 🙂 In my case I shouldn't sum, I need to take max/min/avg to get the rough number of active sessions per source. thank you.

0 Karma
Reply
Solved! Jump to solution

psteja
Engager
‎12-13-2016 08:24 AM

I guess I am not clear enough. my sessionNUm =Total number of sessions at that particular time on that source. So I can not 'count' again. my 'event' already has the sessionCount. Hope I am making sense. So for a given source , I can have sessionNum 10,11,12,13,12,11,12,13,14,.... etc. And I want to represent it visually

0 Karma
Reply
Solved! Jump to solution

twinspop
Influencer
‎12-13-2016 08:28 AM

See edit above

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎12-13-2016 08:17 AM

Hi psteja,
if you want to draw a graphic, you cannot use the table command, but you have to use a statistical command like stats, charts or timechart.
so you could use:

your_search |timechart count by sessionNum

to have a time distribution of your events
Bye.
Giuseppe

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...