Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Hourly count of a string with min, max, and avg of time taken in 0.000 sec

runiyal
Path Finder
‎10-23-2015 11:01 AM

In my log file, I have lot of messages saying upload or search got completed in x seconds. Like -

Search Completed successfully in 0.698 seconds
Upload Completed successfully in 2.529 seconds

We need a report that tells us the total count on hourly basis but with it it should also calculate Min/Max/Avg time (second) spent for in each of that operation. Result should be like -

Activity Count Min Max Avg
Upload

Search

Tags (2)
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-23-2015 11:49 AM

Assuming you have no existing extractions, something like this should get you started.

index = foo | rex "(?P<Activity>\w+) Completed successfully in (?P<secs>\d+\.\d+) seconds" | stats count(secs) as Count min(secs) as Min max(secs) as Max avg(secs) as Avg by Activity | table Activity Count Min Max Avg
---
If this reply helps you, Karma would be appreciated.
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...