Splunk Search

Response time- How do I extract response time in "ms" from this event?

Tioluwani-Ada
Engager

I  am beginner.  How do I extract response time in "ms" from this event? Thank you.

4.72.20.141 - - [27/Dec/2037:12:00:00 +0530] "POST /usr HTTP/1.0" 500 4998 "http://www.parker-miller.org/tag/list/list/privacy/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A" 830
31.60.78.151 - - [27/Dec/2037:12:00:00 +0530] "PUT /usr/admin HTTP/1.0" 303 5071 "-" "Mozilla/5.0 (Linux; Android 10; ONEPLUS A6000) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Mobile Safari/537.36 OPR/61.2.3076.56749" 1361
162.135.142.180 - - [27/Dec/2037:12:00:00 +0530] "DELETE /usr/admin HTTP/1.0" 502 5002 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36" 4608
56.125.112.165 - - [27/Dec/2037:12:00:00 +0530] "GET /usr/admin/developer HTTP/1.0" 303 5006 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36 OPR/73.0.3856.329" 4650

 

Labels (1)
0 Karma

yeahnah
Motivator

Hi @Tioluwani-Ada 

I suspect this has been answered for you here

https://community.splunk.com/t5/Splunk-Search/Average-response-time/m-p/636409#M221021

Though your example input data is slightly different.

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...