Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to chart total runtime for the last 15 days for a job running overnight?

sjafferali
Explorer
‎05-14-2020 02:17 PM

I have to report out my job logs which spans from night 9PM to Morning 10AM. I have a field called total_run_time and I want to chart this for the last 15 days. Can someone let me know how to achieve it in Splunk? I was able to chart for daily total runtime based on_time, but since my job starts the previous day and ends on the current day, I do not know how to chart it for the last 15 days.

I was able to get the total runtime for the last job running from 9PM to 10AM using the earliest and latest command but, I do not know how to chart for 15 days.

Can someone help?

0 Karma
Reply

Sfry1981
Communicator
‎05-15-2020 07:23 AM

Try the below

| stats values(total_run_time) as total_run_time, min(_time) as Start, max(_time) as End by id 
| eval JobStart=strftime(Start, "%Y-%m-%dT%H:%M:%S.%Q") 
| eval JobEnd=strftime(End, "%Y-%m-%dT%H:%M:%S.%Q") 
| eval Duration=tostring(End-Start, "duration")

i presume each one should have some sort of correlation id.

0 Karma
Reply
Get Updates on the Splunk Community!

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...

IM Landing Page Filter - Now Available

We’ve added the capability for you to filter across the summary details on the main Infrastructure Monitoring ...

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud

Splunk continues to improve the troubleshooting experience in Observability Cloud with this latest enhancement ...