
Is timechart capable of representing a table of values for start time, end time and duration on a graph?

Builder

Hello,
Can somebody please tell me whether or not timechart has the below functionality, or suggest an alternative?

I have a table of values: start time, end time & duration. I want to represent these on a graph so that we can see trends.

Any ideas?


Re: Is timechart capable of representing a table of values for start time, end time and duration on a graph?

Communicator

If you do not have _time values in your "table" then you probably want something like this:

| eval _time=start_time | timechart count avg(duration) max(duration) min(duration) median(duration)

Just use whatever statistical function you want, but I added a few common ones.
Also, end time does not seem to be as relevant to me as start time and duration, so I have not used it in the query.

0 Karma

Re: Is timechart capable of representing a table of values for start time, end time and duration on a graph?

Builder

Can you explain what this will represent? The problem is I'm waiting for approval to actually go ahead and start it... So it's creating the _time variable which is used by timechart, and you're averaging duration? And max and min do what? And I want this to be per day, so it shows duration over a period of, e.g., a month, where we can see that the system is getting slower or faster.

0 Karma

Re: Is timechart capable of representing a table of values for start time, end time and duration on a graph?

Communicator

If you want your aggregation per day you can specify span=1d in the timechart command.
min and max give you the highest and lowest value of duration per day, avg gives you the average duration each day and median will give you the median duration per day.
If you provide more information on what you are trying to find out and also provide a bit of example data, I could provide you with more detailed help.

0 Karma
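To show what the query in this thread produces with span=1d, here is an added Python sketch (not code from any poster, and not Splunk's implementation) that buckets rows by the day of start_time and computes the same five statistics, including the empty row timechart emits for a day with no events. The field names, timestamp format and sample rows are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, median

# Constructed sample table: start_time as a string, duration in seconds.
# Field names and the timestamp format are assumptions, not from the thread.
ROWS = [
    {"start_time": "2024-03-01 08:00:00", "duration": 40},
    {"start_time": "2024-03-01 14:30:00", "duration": 60},
    {"start_time": "2024-03-02 09:15:00", "duration": 90},
    # No rows on 2024-03-03: the day still appears, with count 0.
    {"start_time": "2024-03-04 10:00:00", "duration": 120},
    {"start_time": "2024-03-04 11:00:00", "duration": 60},
    {"start_time": "2024-03-04 12:00:00", "duration": 180},
]
FMT = "%Y-%m-%d %H:%M:%S"


def daily_duration_stats(rows):
    """Mimic: eval _time=start_time | timechart span=1d count avg/max/min/median(duration)."""
    buckets = defaultdict(list)
    for row in rows:
        # A string start_time must be parsed before it can act as _time.
        day = datetime.strptime(row["start_time"], FMT).date()
        buckets[day].append(float(row["duration"]))
    if not buckets:
        return []
    out = []
    day, last = min(buckets), max(buckets)
    while day <= last:  # continuous axis: gap days are kept, not skipped
        d = buckets.get(day, [])
        out.append({
            "day": day.isoformat(),
            "count": len(d),
            "avg": mean(d) if d else None,
            "max": max(d) if d else None,
            "min": min(d) if d else None,
            "median": median(d) if d else None,
        })
        day += timedelta(days=1)
    return out


if __name__ == "__main__":
    for line in daily_duration_stats(ROWS):
        print(line)
```

A rising avg or median across consecutive days is the "system is getting slower" trend the question asks about; max and min show the spread within each day.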