hi,
I want to show time taken by a process to complete in seconds on time chart.
sample log entries
4432 [e0] INFO 2013-04-18 05:58:46.764 TM1.Process Process "TI_1" executed by user "Admin"
4432 [e0] INFO 2013-04-18 05:58:55.796 TM1.Process Process "TI_1": finished executing normally, elapsed time 9.02 seconds
4432 [e0] INFO 2013-04-18 06:01:45.400 TM1.Process Process "TI_1" executed by user "Admin"
4432 [e0] INFO 2013-04-18 06:01:55.243 TM1.Process Process "TI_1": finished executing normally, elapsed time 9.84 seconds
4432 [e0] INFO 2013-04-18 06:02:26.038 TM1.Process Process "TI_1" executed by user "Admin"
4432 [e0] INFO 2013-04-18 06:02:28.627 TM1.Process Process "TI_1": finished executing normally, elapsed time 2.59 seconds
Example values of duration from above log entries are 9.02 seconds and 9.84 seconds etc. We want plot these values on chart
Thanks
Two ways to do this:
Easiest way would be to just search for lines that contain the "elapsed time" value in it and chart those values. You can extract the elapsed time with a regular expression:
"finished executing normally" | rex field=_raw "elapsed time (?<myduration>.*\s)seconds " | chart avg(myduration)
If you have multiple process names, you could extract the process name into a field as well and add that into your chart:
"finished executing normally" | rex field=_raw "Process (?<processName>\w+)" | rex field=_raw "elapsed time (?
Of course, use "timechart" instead of "chart" if you want to see the distribution of durations over time. Also. "timechart" does not require the use of a statistical function, but as Ayn points out if you have multiple events occuring during a given time slice on that you will still need to use a stat function.
Probably your best bet on this type of data is to use "table" instead of "chart" or "timechart".
ok so there is no way to plot a chart in a way i want?
I insist on that you do need it. Otherwise timechart would have no idea of how to handle multiple values in a timeslice.
i want to plot time taken by a particular process to complete on chart.if elapsed time is 0.03 seconds this means process took 3 seconds to complete that i want to show with process name.And is it necessary to use function with time chart can i not use something like timechart myduration by Processname?
hi
How can i show process names also | table table _time myduration working fine but i need to show process name also
hi i am not able to match the process which are having name as "}Drill_Sales_Drill"
I matched all the process which are like "TI_1"
any suggestion?
No, chart
needs a statistical function as an argument so you can't just give it a field straight away like that. Also I imagine the poster wants to plot these over time. You could achieve this by skipping the chart commands and using | table _time myduration
at the end.