Solved: How to create a chart that calculates the time tak...

mm977g · ‎08-26-2015

Given the below log file, I need to create a chart that shows the time taken for a given step. The time is a summation of the count of steps * 15 seconds within a process instance. So for the example log below there are two process instances (2255130 & 2255800) and within each instance there are entries in the log for steps. In instance 2255130, there are two entries for the Step04 identifier and in instance 2255800 there is one entry for None (as the step identifier) and thee entries for the Step01 identifier. Those would translate to:

   2255130.Step04 = 2 entries * 15 seconds graphed by day
   2255800.None = 1 entry * 15 seconds graphed by day
   2255800.Step01 = 3 entries * 15 seconds graphed by day

opt/apps/psft/cs90/P90SCOR/appserv/prcs/P90SCOR/LOGS/AESRV_0825.LOG:PSAESRV.16316 (209) [2015-08-25T20:52:27.499](0) RunAeProgAsync status -- Application ID=SAD_TEST_PST Status=Running Process Instance=2255130 Current Step=SAD_TEST_PST.Process.Step04
/opt/apps/psft/cs90/P90SCOR/appserv/prcs/P90SCOR/LOGS/AESRV_0825.LOG:PSAESRV.16316 (209) [2015-08-25T20:52:42.506](0) RunAeProgAsync status -- Application ID=SAD_TEST_PST Status=Running Process Instance=2255130 Current Step=SAD_TEST_PST.Process.Step04
/opt/apps/psft/cs90/P90SCOR/appserv/prcs/P90SCOR/LOGS/AESRV_0825.LOG:PSAESRV.16316 (209) [2015-08-25T20:52:54.969](3) RunAeAsync service request completed successfully -- Application ID=SAD_TEST_PST Process Instance=2255130
/opt/apps/psft/cs90/P90SCOR/appserv/prcs/P90SCOR/LOGS/AESRV_0825.LOG:PSAESRV.16316 (209) [2015-08-25T20:52:57.533](0) RunAeProgAsync status -- Application ID=SAD_TEST_PST Status=Success Process Instance=2255130 Current Step=None
/opt/apps/psft/cs90/P90SCOR/appserv/prcs/P90SCOR/LOGS/AESRV_0826.LOG:PSAESRV.16325 (414) [2015-08-26T11:12:54.558](3) RunAeAsync service request started -- Application ID=SAD_TEST_PST Run Control ID=EOS-SM336 Process Instance=2255800
/opt/apps/psft/cs90/P90SCOR/appserv/prcs/P90SCOR/LOGS/AESRV_0826.LOG:PSAESRV.16325 (414) [2015-08-26T11:13:09.577](0) RunAeProgAsync status -- Application ID=SAD_TEST_PST Status=Running Process Instance=2255800 Current Step=SAD_CRT_PGM.LastSchl.Step01
/opt/apps/psft/cs90/P90SCOR/appserv/prcs/P90SCOR/LOGS/AESRV_0826.LOG:PSAESRV.16325 (414) [2015-08-26T11:13:24.586](0) RunAeProgAsync status -- Application ID=SAD_TEST_PST Status=Running Process Instance=2255800 Current Step=SAD_3CS_LIB.3Cs.?
/opt/apps/psft/cs90/P90SCOR/appserv/prcs/P90SCOR/LOGS/AESRV_0826.LOG:PSAESRV.16325 (414) [2015-08-26T11:13:39.612](0) RunAeProgAsync status -- Application ID=SAD_TEST_PST Status=Running Process Instance=2255800 Current Step=SAD_TEST_PST.SrchMtch.Step01
/opt/apps/psft/cs90/P90SCOR/appserv/prcs/P90SCOR/LOGS/AESRV_0826.LOG:PSAESRV.16325 (414) [2015-08-26T11:13:54.623](0) RunAeProgAsync status -- Application ID=SAD_TEST_PST Status=Running Process Instance=2255800 Current Step=SAD_CRT_PGM.LastSchl.Step01

somesoni2 · ‎08-26-2015

Assuming you already have a field Instance and Step extracted, try something like this

your base search | stats count by Instance Step | eval Duration=count*15

View solution in original post

somesoni2 · ‎08-26-2015

Assuming you already have a field Instance and Step extracted, try something like this

your base search | stats count by Instance Step | eval Duration=count*15

mm977g · ‎08-27-2015

The answer provided showed the right direction to go to resolve this. Thanks

How to create a chart that calculates the time taken by date/time for a distinct step within a process?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!