Solved: timeline chart

Rkp_splunk · ‎09-15-2021

Hi

I have got this log where it shows how much time it takes to load investor page in millisecond(ms)

2021-09-15 13:40:12,005 {c0cf807e-ee8b-4bd7-bf10-b586302ce001} XYZ/Online/0659251190 END [/investor/load.htm] (5498) - 3312ms

I want to create a timeline chart to show how string "END [/investor/load.htm]" takes time to load at different period. I have got timepicker so I can get but how to show timeline for this string.

SPL like

index=prd_applog OR index=prd_middleware) appid::a0061f sourcetype="btsfl:bti:audit"| search "END [/investor/load.htm]" | timechart span=1m <then something to be added here like regex to give that timeline>

Thanks

richgalloway · ‎09-15-2021

Extract the load time into a field then let timechart graph it.

index=prd_applog OR index=prd_middleware) appid::a0061f sourcetype="btsfl:bti:audit" "END [/investor/load.htm]" 
| rex "- (?<loadTime>\d+)ms"
| timechart span=1m max(loadTime) as MaxLoadTime

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎09-15-2021

Extract the load time into a field then let timechart graph it.

index=prd_applog OR index=prd_middleware) appid::a0061f sourcetype="btsfl:bti:audit" "END [/investor/load.htm]" 
| rex "- (?<loadTime>\d+)ms"
| timechart span=1m max(loadTime) as MaxLoadTime

---
If this reply helps you, Karma would be appreciated.

timeline chart

timechart

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services