Dashboards & Visualizations

同時実行イベント数のタイムチャートの作成方法 How to create a time chart of the number of concurrent events

kyamane2015
New Member

下記の様なデータの同時実行数の集計を考えています。
CallID,JoinTime,LeaveTime,CallState
146792,2018-08-01 07:59:19,2018-08-01 08:22:11,COMPLETED
146794,2018-08-01 08:00:00,2018-08-01 09:59:00,COMPLETED
146795,2018-08-01 08:00:00,2018-08-01 09:01:21,COMPLETED
146796,2018-08-01 08:00:08,2018-08-01 08:22:08,COMPLETED

・JoinTime 開始時刻
・LeaveTime 終了時刻

開始時刻と終了時刻の間が実行時間で、同時に実行されているイベントの
タイムチャートを作成したいです。

search文を下記の通り、作成していますが、上手くいきません。
(CallState=COMPLETED host="")
| eval duration=LeaveTime-JoinTime
| concurrency duration=duration start=JoinTime
| timechart max(concurrency)

splunk初心者で申し訳ありませんが、ご教示いただけますと助かります。

English translation:

We are planning to calculate the number of concurrent executions of data as shown below.
CallID, JoinTime, LeaveTime, CallState 146792, 2018-08-01
07: 59: 19, 2018-08-01 08: 22: 11, COMPLETED
146794 , 2018-08-01 08: 00: 00,2018-08-01 09: 59: 00, COMPLETED
146795 , 2018 - 08 - 01 08: 00 : 00, 2018 - 08 - 01 09: 01: 21, COMPLETED
146796 , 2018 - 08 - 01 08: 00: 08 , 2018 - 08 - 01 08: 22: 08, COMPLETED

· JoinTime start time
· Leave time end time

It is the execution time between the start time and the end time,
and I want to create a time chart of the events that are being executed at the same time.

I created a search sentence as below, but I am not going.
(CallState = COMPLETED host = "")
| eval duration = LeaveTime - JoinTime
| concurrency duration = duration start = JoinTime
| timechart max (concurrency)

I am sorry by the beginner, but I am saved if you can teach.

0 Karma

tkomatsubara_sp
Splunk Employee
Splunk Employee

こんにちは。

Timeline ビジュアライゼーションを使うと、もっと簡単にできます。
ご参考ください。
https://splunkbase.splunk.com/app/3120/

source="call_log.csv" index="call" sourcetype="csv"
|eval LeaveTime_e=strptime(LeaveTime,"%Y-%m-%d %H:%M:%S")
|eval JoinTime_e=strptime(JoinTime,"%Y-%m-%d %H:%M:%S")
|eval duration=LeaveTime_e-JoinTime_e
|eval duration=duration*1000
|table JoinTime_e, CallID, duration, duration
0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...