Splunk Search
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Make a graph

hxa27
Path Finder
‎02-20-2014 01:27 PM

Hi, I am using this query

sourcetype=TraceDropOff| transaction startswith="Starting Main" endswith="DropOff application execution complete" |eval "Event End Time"=strftime(_time+duration, "%m-%d-%Y %H:%M:%S")|eval "Event Start Time"=strftime(_time, "%m-%d-%Y %H:%M:%S")| rename source as "Log Location" | eval Duration(Seconds)=strftime(duration,"%M:%S") | table "Log Location","Event Start Time","Event End Time", Duration(Seconds)

and I am trying to graph the Duration(second) column with the Log Location but since these are not fields am not able to graph my data. Any suggestion??

Thanks

Tags (2)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-20-2014 01:54 PM

How 'bout this?

sourcetype=TraceDropOff | transaction startswith="Starting Main" endswith="DropOff application execution complete" | timechart avg(duration) by source
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-20-2014 03:05 PM

Add this after the timechart:

... | eval duration = duration / 60 | rename duration as "Duration in minutes"
0 Karma
Reply

hxa27
Path Finder
‎02-20-2014 03:01 PM

ok, and how can I do the minutes ?

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-20-2014 02:59 PM

Showing the time in MM:SS on the Y axis isn't going to be easy, if at all possible with the built-in charting. Just go with either seconds or minutes, the viewer is going to understand it.

0 Karma
Reply

hxa27
Path Finder
‎02-20-2014 02:56 PM

Yes, and showing the time it takes as Y axis in minute ans second

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-20-2014 02:46 PM

Sooo... You're looking for max(duration) instead of avg(duration)?

0 Karma
Reply

hxa27
Path Finder
‎02-20-2014 02:30 PM

we are trying to see how long it takes to receive the response. Then we can set up an alert whenever the process exceeds our max.The graph will be easier for us to read and compare .

0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎02-20-2014 02:07 PM

What should the graph look like instead?

0 Karma
Reply

hxa27
Path Finder
‎02-20-2014 02:04 PM

Thanks for the response

Probably you misunderstood my question.I am trying to graph the result of each duration but the query you wrote is giving the avg duration.

Thanks again

0 Karma
Reply
Get Updates on the Splunk Community!

Buttercup Games: Further Dashboarding Techniques (Part 7)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...
Top