I am trying to aggregate the number of concurrent executions for data like the following.
CallID,JoinTime,LeaveTime,CallState
146792,2018-08-01 07:59:19,2018-08-01 08:22:11,COMPLETED
146794,2018-08-01 08:00:00,2018-08-01 09:59:00,COMPLETED
146795,2018-08-01 08:00:00,2018-08-01 09:01:21,COMPLETED
146796,2018-08-01 08:00:08,2018-08-01 08:22:08,COMPLETED
・JoinTime: start time
・LeaveTime: end time
The time between the start time and the end time is the execution time, and I would like to create a time chart of the events that are running at the same time.
I have written the search as below, but it does not work well.
(CallState=COMPLETED host="")
| eval duration=LeaveTime-JoinTime
| concurrency duration=duration start=JoinTime
| timechart max(concurrency)
I apologize for being a Splunk beginner; I would be grateful for any guidance.
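The calculation the question is after, as an added Python example (not part of the original posts and not Splunk's own implementation): it parses the four sample rows, counts how many calls are active at each call's JoinTime (the idea behind SPL's `concurrency` command) and takes the per-minute peak like `timechart max(concurrency)`. The CSV text and the one-minute span are constructed assumptions; as in the answer's search, the time strings are parsed with strptime before any duration is computed.

```python
import csv
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample input: the four rows from the question, as CSV text.
CALL_LOG = """CallID,JoinTime,LeaveTime,CallState
146792,2018-08-01 07:59:19,2018-08-01 08:22:11,COMPLETED
146794,2018-08-01 08:00:00,2018-08-01 09:59:00,COMPLETED
146795,2018-08-01 08:00:00,2018-08-01 09:01:21,COMPLETED
146796,2018-08-01 08:00:08,2018-08-01 08:22:08,COMPLETED
"""
TIME_FMT = "%Y-%m-%d %H:%M:%S"  # same format string the answer passes to strptime()

def load_intervals(csv_text, state="COMPLETED"):
    """Parse JoinTime/LeaveTime (strings in the CSV) into datetimes."""
    intervals = []
    for row in csv.DictReader(StringIO(csv_text)):
        if row["CallState"] != state:
            continue
        join = datetime.strptime(row["JoinTime"], TIME_FMT)
        leave = datetime.strptime(row["LeaveTime"], TIME_FMT)
        if leave < join:  # malformed record: refuse it rather than count a negative duration
            raise ValueError(f"CallID {row['CallID']} leaves before it joins")
        intervals.append((row["CallID"], join, leave))
    return intervals

def concurrency_at_start(intervals):
    """For each call, count calls active at its JoinTime (joined at or before it
    and not yet left), itself included; the idea behind SPL's concurrency command."""
    return [(cid, join, sum(1 for _, j, l in intervals if j <= join < l))
            for cid, join, _ in intervals]

def bucket_start(ts, span):
    """Floor ts to the start of its bucket; span must divide one day evenly."""
    midnight = ts.replace(hour=0, minute=0, second=0, microsecond=0)
    return ts - (ts - midnight) % span

def timechart_max(concurrency, span=timedelta(minutes=1)):
    """Per-bucket peak concurrency, like `timechart span=1m max(concurrency)`."""
    chart = {}
    for _, join, active in concurrency:
        bucket = bucket_start(join, span)
        chart[bucket] = max(chart.get(bucket, 0), active)
    return dict(sorted(chart.items()))

if __name__ == "__main__":
    chart = timechart_max(concurrency_at_start(load_intervals(CALL_LOG)))
    for bucket, peak in chart.items():
        print(bucket.strftime(TIME_FMT), peak)  # 2018-08-01 07:59:00 1 / 2018-08-01 08:00:00 4
```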
Hello.
This can be done more easily with the Timeline visualization.
Please refer to the following.
https://splunkbase.splunk.com/app/3120/
source="call_log.csv" index="call" sourcetype="csv"
|eval LeaveTime_e=strptime(LeaveTime,"%Y-%m-%d %H:%M:%S")
|eval JoinTime_e=strptime(JoinTime,"%Y-%m-%d %H:%M:%S")
|eval duration=LeaveTime_e-JoinTime_e
|eval duration=duration*1000
|table JoinTime_e, CallID, duration, duration