I have a large amount of logs in the following format:
2014-07-30 14:23:51,802 - MyApp - 6 - INFO - Performance - process=Update, timeElapsed=00:00:00.0940611
I have a filter which displays only these entries:
Service=MyApp source="C:\Logs\MyApp-Performance.log" process=Update
Would someone be able to explain how I can update this go that it give me the average timeElapsed across all entries for the selected period?
Apologies, I'm new to this and have tried a few different things but can't seem to figure it out.
Thanks in advance,
Give this a try
Service=MyApp source="C:\Logs\MyApp-Performance.log" process=Update| eval duration=strptime(timeElapsed,"%H:%M:%S.%6Q")-relative_time(now(),"@d") | stats avg(duration) as avgTimeElapsed
The field timeElapsed is string to need to convert it to seconds before calculating avg.
Give this a try
Service=MyApp source="C:\Logs\MyApp-Performance.log" process=Update| eval duration=strptime(timeElapsed,"%H:%M:%S.%6Q")-relative_time(now(),"@d") | stats avg(duration) as avgTimeElapsed
The field timeElapsed is string to need to convert it to seconds before calculating avg.
This worked a charm!
Thank you!
Hi,
you can append an | stats avg(timeElapsed) to your search query.
Yeah, sorry! Did't saw that the field is not properly converted for use with stats. But @somesoni2 got it!
Thanks for the response.
This is one of the things I tried but I just get a message saying "No results found"