I have a field in my logs that looks like this:
Timestamp: 1477292160636560 1217
The first number is the time at which the request was received in Unix epoch standard. The 2nd number is the response time. I want to use the 2 numbers to make a line graph with the days on the x-axis and the response times on the y-axis so I can see what my response times were throughout a single day, past 7 days, past month, etc.
I wrote this search but I'm missing a few pieces to make the line chart:
* | rex field=_raw "Timestamp:\s(?<request_time>\d+)\s(?<response_time>\d+)" | timechart count by response_time
What am I missing?
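The following Python is an added example, not part of the original post and not Splunk code. It parses the Timestamp field with the same pattern as the rex above, places each event at its receive time, and aggregates response_time per time bucket, which is the series a response-time line chart plots. It assumes the 16-digit receive time is microseconds since the Unix epoch; all sample events except the first are constructed, and the function names are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Same pattern as the rex in the post: epoch receive time, then response time.
FIELD_RE = re.compile(r"Timestamp:\s(?P<request_time>\d+)\s(?P<response_time>\d+)")

# Assumption: the 16-digit receive time is in microseconds since the Unix epoch.
MICROS_PER_SECOND = 1_000_000

# Constructed sample events; only the first value pair comes from the post.
SAMPLE_EVENTS = [
    "Timestamp: 1477292160636560 1217",
    "Timestamp: 1477292190000000 783",
    "Timestamp: 1477295760000000 2000",
    "Timestamp: 1477378560000000 500",
    "no timestamp field in this event",
]


def parse_event(raw):
    """Return (receive time as UTC datetime, response time), or None if the field is absent."""
    m = FIELD_RE.search(raw)
    if m is None:
        return None
    seconds, micros = divmod(int(m.group("request_time")), MICROS_PER_SECOND)
    received = datetime.fromtimestamp(seconds, tz=timezone.utc).replace(microsecond=micros)
    return received, int(m.group("response_time"))


def response_time_series(events, bucket_format="%Y-%m-%d %H:00"):
    """Group events into time buckets and return {bucket: (average, maximum, count)}."""
    buckets = defaultdict(list)
    for raw in events:
        parsed = parse_event(raw)
        if parsed is None:
            continue  # skip events without the field instead of failing
        received, response_time = parsed
        buckets[received.strftime(bucket_format)].append(response_time)
    return {
        bucket: (sum(values) / len(values), max(values), len(values))
        for bucket, values in sorted(buckets.items())
    }


if __name__ == "__main__":
    for bucket, (avg, peak, n) in response_time_series(SAMPLE_EVENTS).items():
        print(f"{bucket}  avg={avg:.1f}  max={peak}  events={n}")
```

Passing `bucket_format="%Y-%m-%d"` gives one point per day instead of one per hour.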