I need to find the response time for most occuring / most frequest Transaction
So M trying the following query:
index="abc" source="xyz.log" | timechart max(TransRespTime) by TransName | top 5 TransName.
but this query is not showing the result as expected.
I need to display the result in the form of chart / graph.
Anyone can please suggest me the solution.
Thanks in advance..!!
Without knowing your data I'm guessing you're looking for something like this:
index="abc" source="xyz.log" [search index="abc" source="xyz.log" | top 5 TransName | fields TransName] | timechart max(TransRespTime) by TransName
Or this:
index="abc" source="xyz.log" | timechart limit=5 useother=f max(TransRespTime) by TransName
Without knowing your data I'm guessing you're looking for something like this:
index="abc" source="xyz.log" [search index="abc" source="xyz.log" | top 5 TransName | fields TransName] | timechart max(TransRespTime) by TransName
Or this:
index="abc" source="xyz.log" | timechart limit=5 useother=f max(TransRespTime) by TransName
Sorry.. Its working.. I just missed to add sub search thing.. @martin_muller
The search looks correct to me... beyond that, I can't magically look into your system, data, or Splunk logs. You'll have to provide some relevant info to find any issue.
@martin_muller, The first query suggested is not displaying the results.. 😞 could u ple suggest