How to show Total time elapsed time in splunk dash...

karthi2809 · ‎04-02-2024

Hi Guys,

I am using timeline visualization in my Splunk dashboard to show total elapsed time. But in some times its not good. Is there any examples to show Total elapsed time in different visualization .Is there any best way to show Total Elapsed time in graph in splunk dashboard.

IN my splunk Query:

|eventstats min(timestamp) AS Logon_Time, max(timestamp) AS Logoff_Time by correlationId
| eval StartTime=round(strptime(Logon_Time, "%Y-%m-%dT%H:%M:%S.%QZ")) 
| eval EndTime=round(strptime(Logoff_Time, "%Y-%m-%dT%H:%M:%S.%QZ")) 
| eval ElapsedTimeInSecs=EndTime-StartTime 
| eval "Total Elapsed Time"=strftime(ElapsedTimeInSecs,"%H:%M:%S") 

IN my dashboard:
| sort -Timestamp
| eval ElapsedTimeInSecs=ElapsedTimeInSecs*1000
| table Timestamp correlationId Status ElapsedTimeInSecs

ITWhisperer · ‎04-02-2024

Try tostring duration

|eventstats min(timestamp) AS Logon_Time, max(timestamp) AS Logoff_Time by correlationId
| eval StartTime=round(strptime(Logon_Time, "%Y-%m-%dT%H:%M:%S.%QZ")) 
| eval EndTime=round(strptime(Logoff_Time, "%Y-%m-%dT%H:%M:%S.%QZ")) 
| eval ElapsedTimeInSecs=EndTime-StartTime 
| eval "Total Elapsed Time"=tostring(ElapsedTimeInSecs,"duration")

How to show Total time elapsed time in splunk dashboard?

timechart

Enterprise Security Content Update (ESCU) | New Releases

Detecting Remote Code Executions With the Splunk Threat Research Team

Observability | Use Synthetic Monitoring for Website Metadata Verification