Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to visually represent Session Creation trend across load balanced Java Virtual Machines (JVMs)?

psteja
Engager
‎12-13-2016 08:07 AM

Splunk newbie here trying to get a nice line graph showing the session creation pattern over a period of time:

.....|table sessionNum source _time |????????

Not sure what to put there so I get different colored lines one for each source, with NumberOfSessions per source over the time period. Thank you.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

twinspop
Influencer
‎12-13-2016 08:19 AM

This will first get the earliest time a particular sessionNum was seen. Then it will chart the count of sessionNums over time by source.

... | stats min(_time) as _time by sessionNum, source | timechart count by source

EDIT: Based on comment below:

... | timechart sum(sessionNum) by source

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

twinspop
Influencer
‎12-13-2016 08:19 AM

This will first get the earliest time a particular sessionNum was seen. Then it will chart the count of sessionNums over time by source.

... | stats min(_time) as _time by sessionNum, source | timechart count by source

EDIT: Based on comment below:

... | timechart sum(sessionNum) by source
0 Karma
Reply
Solved! Jump to solution

psteja
Engager
‎12-13-2016 10:25 AM

Almost 🙂 In my case I shouldn't sum, I need to take max/min/avg to get the rough number of active sessions per source. thank you.

0 Karma
Reply
Solved! Jump to solution

psteja
Engager
‎12-13-2016 08:24 AM

I guess I am not clear enough. my sessionNUm =Total number of sessions at that particular time on that source. So I can not 'count' again. my 'event' already has the sessionCount. Hope I am making sense. So for a given source , I can have sessionNum 10,11,12,13,12,11,12,13,14,.... etc. And I want to represent it visually

0 Karma
Reply
Solved! Jump to solution

twinspop
Influencer
‎12-13-2016 08:28 AM

See edit above

0 Karma
Reply
Solved! Jump to solution

gcusello
SplunkTrust
SplunkTrust
‎12-13-2016 08:17 AM

Hi psteja,
if you want to draw a graphic, you cannot use the table command, but you have to use a statistical command like stats, charts or timechart.
so you could use:

your_search |timechart count by sessionNum

to have a time distribution of your events
Bye.
Giuseppe

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...