Splunk Search
Highlighted

How to write a search to find out the average dashboard runtime?

Explorer

hi there,

i would like to write a search to find out dashboard runtime.

index=_internal source=*splunkd_ui_access.log user!="-" user!="admin" | rex field=_raw ".*__search(?[0-9]+)[_].*/app\/(?\w+)\/(?\w+).*[ ]+(?[0-9]+)[m][s]" |where AppName!="launcher" AND ViewName!="search" AND ViewName !="report" AND ViewName !="pivot" |bucket _time span=1m |stats  max(SearchNumber) AS TotalSearches  avg(Duration) AS AvgDurationPerSearchMS   max(Duration) AS MaxDurationPerSearchMS max(user) AS a_user by ViewName|eval AvgDashboardTimeSecs = round(TotalSearches*AvgDurationPerSearchMS/1000,2)| eval MaxDashboardTimeSecs = round(TotalSearches*MaxDurationPerSearchMS/1000,2)|rename TotalSearches AS SearchInDashboard|fields ViewName,SearchInDashboard, a_user,AvgDashboardTimeSecs,MaxDashboardTimeSecs|sort - AvgDashboardTimeSecs

but it seems that the results are not correct.

my idea is get average running time of the dashboard.

0 Karma
Highlighted

Re: How to write a search to find out the average dashboard runtime?

SplunkTrust
SplunkTrust

Give this a try.

index=_audit action=search user!=splunk-system-user user!=admin search_id=* info=completed total_run_time=*  | stats max(total_run_time) as total_run_time by search_id | rex field=search_id "'(?<search_id>.+)'" | append[search index=_internal source=*splunkd_ui_access.log user!="-" user!="admin" | rex field=_raw ".*\/jobs\/(?<search_id>[^\/\?]+).*/app\/(?<AppName>\w+)\/(?<ViewName>\w+).*[ ]+(?<Duration>[0-9]+)[m][s]" |where AppName!="launcher" AND ViewName!="search" AND ViewName !="report" AND ViewName !="pivot" | stats max(_time) as _time by AppName ViewName search_id ] | stats values(*) as * by search_id | where isnotnull(AppName) AND isnotnull(total_run_time)
0 Karma
Highlighted

Re: How to write a search to find out the average dashboard runtime?

Explorer

hi,
this is not returning expected results, want to get total number of searches in a dashboard , avg run time of each dashboard, and max runtime of dashboard

0 Karma
Highlighted

Re: How to write a search to find out the average dashboard runtime?

Explorer

Can anyone respond plz

0 Karma