Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to create a dashboard to show how many events took 4 seconds, 5 seconds, 7 seconds, etc. from my sample log data?

Abilan1
Path Finder
‎07-24-2015 01:47 AM

Hi,

I need help to create a Dashboard for the below logs. If we look into the below query, we can see that the *SQL Query took 5 seconds, 4 Seconds, 7 seconds. I want to create a single dashboard which should show how many events took 4 seconds, 5 seconds, 7 seconds, etc. Please help me on this one.

2:16:12.759 PM  
29190/-305140880 WRK:TS42CLEA02_F010D210_P5841202   Wed Jul 22 14:16:12.759268  dbperfrq.c770
    doQueryDiagnostics: The following SQL query took 5 seconds which is equal to or greater than QueryExecutionTimeThreshold
7/18/15 
10:15:04.328 PM 
15498/-143431984 MAIN_THREAD                        Sat Jul 18 22:15:04.328490  dbperfrq.c770
    doQueryDiagnostics: The following SQL query took 4 seconds which is equal to or greater than QueryExecutionTimeThreshold
7/17/15 
7:34:10.839 AM  
25047/-295699600 WRK:TS00TSTR02_E755D828_P42101     Fri Jul 17 07:34:10.839249  dbperfrq.c770
    doQueryDiagnostics: The following SQL query took 7 seconds which is equal to or greater than QueryExecutionTimeThreshold.
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jeffland
SplunkTrust
SplunkTrust
‎07-24-2015 02:08 AM

To get the time mentioned in the log, you could use rex (or create a field extraction based on the same regular expression) and do a simple count by that number:

your_search | rex "SQL\squery\stook\s(?<QueryExecutionTime>\d+)\sseconds" | stats count by QueryExecutionTime

View solution in original post

Reply
Solved! Jump to solution
Solution

jeffland
SplunkTrust
SplunkTrust
‎07-24-2015 02:08 AM

To get the time mentioned in the log, you could use rex (or create a field extraction based on the same regular expression) and do a simple count by that number:

your_search | rex "SQL\squery\stook\s(?<QueryExecutionTime>\d+)\sseconds" | stats count by QueryExecutionTime
Reply
Solved! Jump to solution

Abilan1
Path Finder
‎07-24-2015 02:22 AM

Thank you Jeff!! It worked.

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...