How to chart concurrent events

tsushi · ‎12-19-2018

Hi,

I have events with start_time, end_time and duration in seconds. These are video calls. I'd like to make a chart to see how many calls are active at any time.

I can do a simple host="Pexip Participant History" local_alias="domain.com*" | timechart count span=5m
But, it's not quite what I need since I only see when the calls were initiated with this.

How can I do this ?

renjith_nair · ‎12-19-2018

@tsushi,

try using the concurrency command

host="Pexip Participant History" local_alias="domain.com*"|concurrency duration=duration start=start_time

Reference : https://docs.splunk.com/Documentation/Splunk/7.2.1/SearchReference/Concurrency

Happy Splunking!

tsushi · ‎12-19-2018

Hi Renjith,

Thanks !

I tried this before making a post, but my search results returned exactly the same.
I scrutinized it now and found a tiny warning triangle on the search page, lol.

Used _time instead and now it works.

DalJeanis · ‎01-02-2019

@tsushi - please accept the answer if your issue is solved. If this answer was not the solution that worked, please write up and post the solution that did, and accept it.

How to chart concurrent events

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!