Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

chart versioning value

Javo222
Path Finder
‎11-01-2014 04:27 PM

Hi,

I'm sure my question is really simple but I've been trying to chart something for a long time and I can't find any similar answer.
I have the following data that I would like to chart either as a line or as un-linked dots:

2014-10-09 11:24:18,867  Starting Service, Version=4.05.009
2014-10-09 09:42:55,700  Starting Service, Version=3.78
2014-10-09 09:41:22,002  Starting Service, Version=3.24.056
2014-10-09 08:40:42,875  Starting Service, Version=3.17

How can I achieve that?
My field is already extracted with the name Starting_Service
Thanks

Tags (1)
0 Karma
Reply

martin_mueller
SplunkTrust
SplunkTrust
‎11-01-2014 04:42 PM

I think the key here is to make the multi-dotted version chartable, ie convert it into a number. Here's an example:

| stats count | eval data = "2014-10-09 11:24:18,867 Starting Service, Version=4.05.009
2014-10-09 09:42:55,700 Starting Service, Version=3.78
2014-10-09 09:41:22,002 Starting Service, Version=3.24.056
2014-10-09 08:40:42,875 Starting Service, Version=3.17" | makemv data delim="
" | mvexpand data | rex field=data "^(?<_time>.{23}).*?Version=(?<version>.*)" | eval _time = strptime(_time, "%F %T,%3N")
| eval version_number = tonumber(replace(version, "(\..*)\.", "\1")) | timechart min(version_number) max(version_number)

Note, the line breaks in the strings are necessary to generate this dummy data on-the-lazy.

The key part is the last eval, turning a string with two dots into a decimal number. Needs a little TLC if your versions can have more than just two dots.

0 Karma
Reply
Register for .conf25!
Get Updates on the Splunk Community!

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

The Defining Technology Movement of Our Lifetime The advent of agentic AI is arguably the defining technology ...

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

In today’s complex digital landscape, security teams face increasing pressure to protect sprawling data across ...

Your summer travels continue with new course releases

Summer in the Northern hemisphere is in full swing, and is often a time to travel and explore. If your summer ...
Top