Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Splunk Search
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Re: How to write a search to find out the average ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How to write a search to find out the average dashboard runtime?
srinivasup
Explorer
01-16-2017
11:35 AM
hi there,
i would like to write a search to find out dashboard runtime.
index=_internal source=*splunkd_ui_access.log user!="-" user!="admin" | rex field=_raw ".*__search(?[0-9]+)[_].*/app\/(?\w+)\/(?\w+).*[ ]+(?[0-9]+)[m][s]" |where AppName!="launcher" AND ViewName!="search" AND ViewName !="report" AND ViewName !="pivot" |bucket _time span=1m |stats max(SearchNumber) AS TotalSearches avg(Duration) AS AvgDurationPerSearchMS max(Duration) AS MaxDurationPerSearchMS max(user) AS a_user by ViewName|eval AvgDashboardTimeSecs = round(TotalSearches*AvgDurationPerSearchMS/1000,2)| eval MaxDashboardTimeSecs = round(TotalSearches*MaxDurationPerSearchMS/1000,2)|rename TotalSearches AS SearchInDashboard|fields ViewName,SearchInDashboard, a_user,AvgDashboardTimeSecs,MaxDashboardTimeSecs|sort - AvgDashboardTimeSecs
but it seems that the results are not correct.
my idea is get average running time of the dashboard.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
somesoni2
Revered Legend
01-16-2017
01:04 PM
Give this a try.
index=_audit action=search user!=splunk-system-user user!=admin search_id=* info=completed total_run_time=* | stats max(total_run_time) as total_run_time by search_id | rex field=search_id "'(?<search_id>.+)'" | append[search index=_internal source=*splunkd_ui_access.log user!="-" user!="admin" | rex field=_raw ".*\/jobs\/(?<search_id>[^\/\?]+).*/app\/(?<AppName>\w+)\/(?<ViewName>\w+).*[ ]+(?<Duration>[0-9]+)[m][s]" |where AppName!="launcher" AND ViewName!="search" AND ViewName !="report" AND ViewName !="pivot" | stats max(_time) as _time by AppName ViewName search_id ] | stats values(*) as * by search_id | where isnotnull(AppName) AND isnotnull(total_run_time)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
srinivasup
Explorer
01-17-2017
10:30 AM
hi,
this is not returning expected results, want to get total number of searches in a dashboard , avg run time of each dashboard, and max runtime of dashboard
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
srinivasup
Explorer
02-08-2017
06:55 AM
Can anyone respond plz
Get Updates on the Splunk Community!
Updated Team Landing Page in Splunk Observability
We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...
New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...
Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...
Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...
The Transformative Power of AI and ML in Enhancing Observability
In the realm of IT operations, the ...
