Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Make a graph

hxa27
Path Finder
‎02-20-2014 01:27 PM

Hi, I am using this query

sourcetype=TraceDropOff| transaction startswith="Starting Main" endswith="DropOff application execution complete" |eval "Event End Time"=strftime(_time+duration, "%m-%d-%Y %H:%M:%S")|eval "Event Start Time"=strftime(_time, "%m-%d-%Y %H:%M:%S")| rename source as "Log Location" | eval Duration(Seconds)=strftime(duration,"%M:%S") | table "Log Location","Event Start Time","Event End Time", Duration(Seconds)

and I am trying to graph the Duration(second) column with the Log Location but since these are not fields am not able to graph my data. Any suggestion??

Thanks

Tags (2)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-20-2014 01:54 PM

How 'bout this?

sourcetype=TraceDropOff | transaction startswith="Starting Main" endswith="DropOff application execution complete" | timechart avg(duration) by source
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-20-2014 03:05 PM

Add this after the timechart:

... | eval duration = duration / 60 | rename duration as "Duration in minutes"
0 Karma
Reply

hxa27
Path Finder
‎02-20-2014 03:01 PM

ok, and how can I do the minutes ?

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-20-2014 02:59 PM

Showing the time in MM:SS on the Y axis isn't going to be easy, if at all possible with the built-in charting. Just go with either seconds or minutes, the viewer is going to understand it.

0 Karma
Reply

hxa27
Path Finder
‎02-20-2014 02:56 PM

Yes, and showing the time it takes as Y axis in minute ans second

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-20-2014 02:46 PM

Sooo... You're looking for max(duration) instead of avg(duration)?

0 Karma
Reply

hxa27
Path Finder
‎02-20-2014 02:30 PM

we are trying to see how long it takes to receive the response. Then we can set up an alert whenever the process exceeds our max.The graph will be easier for us to read and compare .

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-20-2014 02:07 PM

What should the graph look like instead?

0 Karma
Reply

hxa27
Path Finder
‎02-20-2014 02:04 PM

Thanks for the response

Probably you misunderstood my question.I am trying to graph the result of each duration but the query you wrote is giving the avg duration.

Thanks again

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...