Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Transaction event charting question

ericrobinson
Path Finder
‎06-11-2010 03:35 PM

I was wondering if it is possible to chart results on a per event basis. By this, I mean that I have defined a transaction in my search. Resulting fields from this search include how long an action took, and how many discreet units of work there was in the action. I want to be able to chart, per transactional event, how long and how many. Is this possible?

Tags (2)
0 Karma
Reply

ericrobinson
Path Finder
‎08-24-2010 08:36 PM

Per event along a timeline.. the former. I am not interested in the duration perse.. I am using the transaction command to associate the tran_id.

0 Karma
Reply

gkanapathy
Splunk Employee
Splunk Employee
‎06-12-2010 03:27 AM

You mean per event along a timeline, by time of the transaction? Or just a table?

0 Karma
Reply

Lowell
Super Champion
‎06-11-2010 05:57 PM

Have you tried using xyseries?

Another approach would be to use the chart command. You would still have to specify an aggregate function, but if you have only one value per transaction then the aggregate will return the original value anyways. So you could try:

| chart sum(duration) by transaction_id
0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...