How to achieve readable date format for scatter pl...

Ishan · ‎06-23-2022

I have the below query, I need the scatter point visualization for this. time on the x axis and the build duration on the y axis for different job url as labels How to achieve this.

index="maas-01" sourcetype="jenkins_run:pipeline/describe" source=* "content.stages{}.stage_name"="build:execute"
|rename content.stages{}.stage_duration_sec as duration content.stages{}.stage_name as name content.build_id as id
| eval trimed_source = trim (source, "jenkins_run:/job/")
| eval job_url = substr(trimed_source, 1, len(trimed_source )-2)
|search job_url IN ($_job_url$)
| table id _time name duration job_url
| eval res=mvzip(name, duration)
| eval name=mvindex(name, mvfind(res, "^build:execute.+")), duration=mvindex(duration, mvfind(res, "^build:execute.+"))
| eval time=strptime(strftime(_time, "%Y-%m-%d %H:%M:%S.%N"),"%Y-%m-%d %H:%M:%S.%N")
|eval bEx_Duration_minutes=round(duration/60, 2)
| fields job_url time bEx_Duration_minutes

I just need the time in human readable format , not any epoch number. Any possibility of using scatter plot for above query with default _time? or is there any other way we can do this.

Below is the visualisation which is getting generated. Need the output like below only but with readable date and time or Date only.

How to achieve readable date format for scatter plot x-axis?

eval

table

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability

Bridging the Gap: Splunk Helps Students Move from Classroom to Career