Hi all -
I am a Splunk Novice, especially when it comes to writing my own queries. I have created a Splunk Query that serves my first goal: calculate elapsed time between 2 events. Now, goal #2 is to graph that over a time period (i.e. 7 days). What is stalling my brain is that these events happen every day - in fact, they are batches that run on a cron schedule, so they better be happening every day! So I am unable to just change the time preset and graph this, because I am using earliest and latest events to calculate beginning and end. Here is my query to calculate duration:
index="*XYZ" "Batchname1"
| stats earliest(_time) AS Earliest, latest(_time) AS Latest
| eval Elapsed_Time=Latest-Earliest, Start_Time_Std=strftime(Earliest,"%H:%M:%S:%Y-%m-%d"), End_Time_Std=strftime(Latest,"%H:%M:%S:%Y-%m-%d")
| eval Elapsed_Time=Elapsed_Time/60
| table Start_Time_Std, End_Time_Std, Elapsed_Time
Any ideas on how to graph this duration over time so I can develop trend lines, etc? Thanks all for the help!
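One way to turn the single earliest/latest calculation above into a per-day series, as an added example that is not part of the original post: each event is tagged with its calendar day in a separate field (here called `day`, a name chosen for this example) so that `_time` stays intact for the min/max, and the duration is then computed once per day. It assumes each batch run starts and ends within the same calendar day; the 7-day window and the `Elapsed_Minutes` label are also assumptions.

```spl
index="*XYZ" "Batchname1" earliest=-7d@d latest=@d
| bin span=1d _time AS day
| stats min(_time) AS Earliest, max(_time) AS Latest BY day
| eval Elapsed_Time=round((Latest-Earliest)/60, 2)
| eval _time=day
| timechart span=1d max(Elapsed_Time) AS Elapsed_Minutes
```

Binning `_time` in place instead of into `day` would snap every event to midnight and make every duration zero. A day with no value in the chart means no matching events were found for that day, which is worth checking against the cron schedule.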