How to achieve readable date format for scatter pl...

Ishan · ‎06-23-2022

I have the below query, I need the scatter point visualization for this. time on the x axis and the build duration on the y axis for different job url as labels How to achieve this.

index="maas-01" sourcetype="jenkins_run:pipeline/describe" source=* "content.stages{}.stage_name"="build:execute"
|rename content.stages{}.stage_duration_sec as duration content.stages{}.stage_name as name content.build_id as id
| eval trimed_source = trim (source, "jenkins_run:/job/")
| eval job_url = substr(trimed_source, 1, len(trimed_source )-2)
|search job_url IN ($_job_url$)
| table id _time name duration job_url
| eval res=mvzip(name, duration)
| eval name=mvindex(name, mvfind(res, "^build:execute.+")), duration=mvindex(duration, mvfind(res, "^build:execute.+"))
| eval time=strptime(strftime(_time, "%Y-%m-%d %H:%M:%S.%N"),"%Y-%m-%d %H:%M:%S.%N")
|eval bEx_Duration_minutes=round(duration/60, 2)
| fields job_url time bEx_Duration_minutes

I just need the time in human readable format , not any epoch number. Any possibility of using scatter plot for above query with default _time? or is there any other way we can do this.

Below is the visualisation which is getting generated. Need the output like below only but with readable date and time or Date only.

How to achieve readable date format for scatter plot x-axis?

eval

table

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

Are you a member of the Splunk Community?