timechart question

xipander · ‎09-01-2011

I'm trying to graph a custom long that gives the round trip time of a web service request. I've got sourcetype="wsping.log" |stats first(RoundTrip) by _time gives me the table with the correct values, but when I try to chart it doesn't show up. I think the problem is that my roundtrip value looks like RoundTrip=00:00:00:12 so it's not showing up in the chart? it logs every second so essentially i need every second/log entry on the x axis and the roundtrip value on the y axis in a line graph so we can see spikes. thanks.

RicoSuave · ‎09-02-2011

Try this:
| eval roundtriptime=strptime(RoundTrip,"%S") | chart avg(roundtriptime) over _time

If that doesn't work try strftime instead

RicoSuave · ‎09-08-2011

Sweet. Glad i could help. Can you accept my answer? 🙂

xipander · ‎09-07-2011

This got me going in the right direction. I had to specify the full strptime values.

RoundTrip | eval roundtriptime=strptime(RoundTrip,"%H:%M:%S:%s") | chart avg(roundtriptime) over _time

RicoSuave · ‎09-01-2011

Are you extracting a field for the actual webservice? I would graph the roundtrip time by webservice over time. Try:

<yoursearch> | timechart avg(RoundTrip) by <yourWebServiceField>

xipander · ‎09-02-2011

Date 09/02/2011 Begin = 08:55:09:13, End = 08:55:09:26, RoundTrip = 00:00:00:12

That's all I have in the log entries, the tables and search results show up right, just the line charts don't. I think it has to do with the way the "times" are formatted it's not graphing them properly?

timechart question

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms