timechart to display avg time taken by a file and ...

gravi · ‎11-22-2019

I have a time column with time taken to process the file and I need to create a dashboard with chart to display the avg time. If the time taken to process the file increase it should show a spike in the chart.

I have tried
{table search} | bucket _time span=1d | stats avg(ProcessingTime) as AvgTime by _time

But it returns null.

Could you please help?

Thanks

arjunpkishore5 · ‎11-23-2019

Assuming that the field ProcessingTime is present in your data, you can just do this instead of the stats

{table search} 
|timechart span=1d avg(ProcessingTime) as AvgTime

NOTE: Field names are case sensitive

gravi · ‎11-25-2019

Thanks for the reply. But I get 'No results found.'

gravi · ‎11-25-2019

Tried this
chart values(ProcessingTime) as AvgTime by FileName

it gives me results but the avgTime is 0 for all

to4kawa · ‎11-23-2019

HI, There may be no ProcessingTime field

gravi · ‎11-25-2019

we are calculating the processing time as difference of two time fields and it is in the tables search with results

timechart to display avg time taken by a file and spike it when the processing time increases

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases