I have this data below and I want a flow chart of start time and end time on the x-axis and cmd1, cmd2......on the y-axis.
03-25-2015 03:04:31.189, cmd1 = Start_time_of_if
03-25-2015 03:09:31.189, cmd1 = end_time_of_if
03-25-2015 03:12:31.189, cmd2 = Start_time_of_if
03-25-2015 03:17:31.189, cmd2 = end_time_of_if
03-25-2015 03:20:31.189, cmd3 = Start_time_of_grep
03-25-2015 03:24:31.189, cmd3 = end_time_of_grep
03-25-2015 03:27:31.189, cmd4 = Start_time_of_if
03-25-2015 03:32:31.189, cmd4 = end_time_of_if
03-25-2015 03:38:31.189, cmd5 = Start_time_of_sed_command
03-25-2015 03:42:31.189, cmd5 = end_time_of_sed_command
03-25-2015 03:49:31.189, cmd6 = Start_time_of_if
03-25-2015 03:55:31.189, cmd6 = End_time_of_if
Can you please help me solve this question?
I used this search:
|rex field=_raw "^(?P[^ ]+)\s+,\s+(?P\w+)\s+=\s+(?P\w+\s+\w+) of (?P.+)"|eval start_time=if(status="Start time",Time,"")|eval end_time=if(status="end time" OR status="End time",Time,"")|table cmd_name,command,start_time,end_time|stats max(start_time) as start_time,max(end_time) as end_time by cmd_name,command
but I'm getting an error:
The lookup table 'mylookuptable' does not exist. It is referenced by configuration 'my_lookuptype'.
and I've done some configurations for this. Can u please give guidance on how to solve this question?Thank UUUUUUUUUUUUUUUUUUUUU
... View more