Multiple average time calculations in a single sea...

angersleek · ‎05-22-2018

This is my log format.

{
    servicename: ServiceOne
    end.timestamp: 20000
    start.timestamp: 19920
}

{
    servicename: ServiceTwo
    end.timestamp: 30000
    start.timestamp: 29520
}

{
    servicename: ServiceOne
    end.timestamp: 59800
    start.timestamp: 59220
}

I am trying to calculate the average time taken for each service and display it in a trellis Layout on my Dashboard.

For example as follows:

ServiceOne(milliSecond) ServiceTwo(milliSecond) ServiceThree(milliSecond) 

200                     320                     455

I am able to capture the data, subtract the time to get the duration for each time the service is called and get its average to display it for one service. Is there a way I could do this for all my services (there are 8 of them) in a single search to display it in a single Trellis layout as shown in the above example? Thanks.

This is what I have done which works for a single service.

servicename=Service* | Convert num(end.timestamp) as end_time | Convert num(start.timestamp) as start_time | eval time_taken=(end_time - start_time) | eval AllServicesDurationField=toString(time_taken) | chart avg(AllServicesDurationField) as "All Services"

somesoni2 · ‎05-22-2018

Just add by servicename at the end of your chart command.

Multiple average time calculations in a single search for Trellis Display

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...

Join the Conversation

Multiple average time calculations in a single search for Trellis Display

[Puzzles] Solve, Learn, Repeat: Dynamic formatting from XML events

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Stronger Security with Federated Search for S3, GCP SQL & Australian Threat ...