Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- timechart question
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
timechart question
xipander
New Member
09-01-2011
02:12 PM
I'm trying to graph a custom long that gives the round trip time of a web service request. I've got sourcetype="wsping.log" |stats first(RoundTrip) by _time gives me the table with the correct values, but when I try to chart it doesn't show up. I think the problem is that my roundtrip value looks like RoundTrip=00:00:00:12 so it's not showing up in the chart? it logs every second so essentially i need every second/log entry on the x axis and the roundtrip value on the y axis in a line graph so we can see spikes. thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
RicoSuave
Builder
09-02-2011
06:23 AM
Try this:
If that doesn't work try strftime instead
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
RicoSuave
Builder
09-08-2011
02:26 PM
Sweet. Glad i could help. Can you accept my answer? 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
xipander
New Member
09-07-2011
08:07 PM
This got me going in the right direction. I had to specify the full strptime values.
RoundTrip | eval roundtriptime=strptime(RoundTrip,"%H:%M:%S:%s") | chart avg(roundtriptime) over _time
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
RicoSuave
Builder
09-01-2011
06:31 PM
Are you extracting a field for the actual webservice? I would graph the roundtrip time by webservice over time. Try:
<yoursearch> | timechart avg(RoundTrip) by <yourWebServiceField>
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
xipander
New Member
09-02-2011
05:58 AM
Date 09/02/2011 Begin = 08:55:09:13, End = 08:55:09:26, RoundTrip = 00:00:00:12
That's all I have in the log entries, the tables and search results show up right, just the line charts don't. I think it has to do with the way the "times" are formatted it's not graphing them properly?
Get Updates on the Splunk Community!
Dashboards: Hiding charts while search is being executed and other uses for tokens
There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...
Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...
This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...
Brains, Bytes, and Boston: Learn from the Best at .conf25
When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
