How to plot response time against _time field

shashank_24 · ‎07-15-2020

Hi, I am trying to plot the response time values against _time field. I am aware of the timechart and stats command which i can use to calculate the average or percentile but what i would want is to plot the actual values over time.

I have the below query where I want field responseTime on y-axis vs _time on x-axis with actual values and not the average. Is that possible to do without using transforming commands?

index=test host="serverer-p*" RESPONSE "uri=[/checkout/my-app]" 
| rex field=_raw"\[(?<responseTime>[^\s]+)"

renjith_nair · ‎07-15-2020

What happens if you just add

|table _time,responseTime and select a visualization

---
What goes around comes around. If it helps, hit it with Karma 🙂

shashank_24 · ‎07-15-2020

@renjith_nair You would say I was stupid. I was actually trying that but instead of table I was using fields command. With table command it works. Thank you.

index=test host="serverer-p*" RESPONSE "uri=[/checkout/my-app]" 
| rex field=elapsedTime "\[(?<responseTime>[^\s]+)"
| table _time responseTime

renjith_nair · ‎07-15-2020

@shashank_24, glad to know 🙂 . Appreciate an upvote and you may close the question by accepting as a solution

---
What goes around comes around. If it helps, hit it with Karma 🙂

How to plot response time against _time field

using Splunk Enterprise

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?