Solved: Use process run time to plot number of processes r...

agu_srishti · ‎08-25-2017

I need to plot a graph over time indicating how many processes are running in each second, but the Splunk log only contains the start time and end time of the process in one line as epoch time.

Splunk log

25-08-2017 7:35:00 PM processname=p1, starttime=1503689564, endtime=1503689670
25-08-2017 7:35:00 PM processname=p2, starttime=1503689564, endtime=1503689679

so I need to plot a timechart to show as below
time - count
August 25, 2017 7:32:44 PM - 2
August 25, 2017 7:32:45 PM - 2
August 25, 2017 7:32:46 PM - 2
.
.
August 25, 2017 7:32:50 PM - 2
August 25, 2017 7:32:51 PM - 1
August 25, 2017 7:32:52 PM - 1

reference
1503689564 - GMT: Friday, August 25, 2017 7:32:44 PM
1503689679 - GMT: Friday, August 25, 2017 7:34:39 PM

somesoni2 · ‎08-25-2017

Give this a try

your base search 
| fields processname startime endtime
| eval runtime=mvrange(starttime,endtime+1) | fields - startime endtime
| mvexpand runtime | rename runtime as _time 
| timechart span=1s dc(processname) as count

View solution in original post

somesoni2 · ‎08-25-2017

Give this a try

your base search 
| fields processname startime endtime
| eval runtime=mvrange(starttime,endtime+1) | fields - startime endtime
| mvexpand runtime | rename runtime as _time 
| timechart span=1s dc(processname) as count

agu_srishti · ‎08-25-2017

works! thanks!

Use process run time to plot number of processes running in each second

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!