Hi,
I need help to create a dashboard for the below logs. If we look into the below query, we can see that the SQL query took 5 seconds, 4 seconds, 7 seconds. I want to create a single dashboard which should show how many events took 4 seconds, 5 seconds, 7 seconds, etc. Please help me with this one.
2:16:12.759 PM
29190/-305140880 WRK:TS42CLEA02_F010D210_P5841202 Wed Jul 22 14:16:12.759268 dbperfrq.c770
doQueryDiagnostics: The following SQL query took 5 seconds which is equal to or greater than QueryExecutionTimeThreshold
7/18/15
10:15:04.328 PM
15498/-143431984 MAIN_THREAD Sat Jul 18 22:15:04.328490 dbperfrq.c770
doQueryDiagnostics: The following SQL query took 4 seconds which is equal to or greater than QueryExecutionTimeThreshold
7/17/15
7:34:10.839 AM
25047/-295699600 WRK:TS00TSTR02_E755D828_P42101 Fri Jul 17 07:34:10.839249 dbperfrq.c770
doQueryDiagnostics: The following SQL query took 7 seconds which is equal to or greater than QueryExecutionTimeThreshold.
To get the time mentioned in the log, you could use rex (or create a field extraction based on the same regular expression) and do a simple count by that number:
your_search | rex "SQL\squery\stook\s(?<QueryExecutionTime>\d+)\sseconds" | stats count by QueryExecutionTime
Thank you Jeff!! It worked.
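For the dashboard the question asks about, the search from the answer can be placed in a Simple XML panel. This is an added example, not part of the original thread; the label, panel title, axis titles and time range are assumptions, and `your_search` is the answer's placeholder for the base search.

```xml
<dashboard>
  <label>Slow SQL queries by execution time</label>
  <row>
    <panel>
      <title>Events per reported query duration</title>
      <chart>
        <!-- your_search is the placeholder from the answer: replace it with
             the base search that returns the doQueryDiagnostics events. -->
        <!-- The CDATA wrapper keeps the "<" of the named capture group
             (?<QueryExecutionTime>...) from being parsed as XML markup. -->
        <search>
          <query><![CDATA[
your_search
| rex "SQL\squery\stook\s(?<QueryExecutionTime>\d+)\sseconds"
| stats count by QueryExecutionTime
| sort 0 num(QueryExecutionTime)
          ]]></query>
          <!-- Assumed time range; adjust to the period you want to report on. -->
          <earliest>-30d@d</earliest>
          <latest>now</latest>
        </search>
        <!-- One column per distinct duration, e.g. 4, 5 and 7 seconds. -->
        <option name="charting.chart">column</option>
        <option name="charting.axisTitleX.text">Seconds</option>
        <option name="charting.axisTitleY.text">Events</option>
        <option name="charting.legend.placement">none</option>
      </chart>
    </panel>
  </row>
</dashboard>
```

The trailing `sort 0 num(QueryExecutionTime)` makes the ordering explicitly numeric, since rex extracts the duration as text.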