Re: how to calculate xdelay average per mouth

baoamin · ‎04-16-2018

hello

my company start to use splunk to check maillog

Jan 7 11:14:36 mailserver sm-mta[00228]: a070yZwR021222: to=, delay=00:00:25, xdelay=00:00:25, mailer=smtp, pri=0250112, relay=[10.140.12.43] [10.140.12.43],

how to calculate the average xdelay per mouth

please help me

thanks so much

somesoni2 · ‎04-16-2018

Try something like this

Your current search with field _time and xdelay
| convert dur2sec(xdelay)
| timechart span=1mon avg(xdelay) as "AverageXDelay"

adonio · ‎04-16-2018

upvote for the function! dur2sec i will use it!

baoamin · ‎04-16-2018

thank you very much it works

but I also have a question that how to set the value of 0.577539820 like 0.577

thanks so much

adonio · ‎04-16-2018

use the eval round function ....
if it solved it for you, please accept the answer and up vote any comments / answers that you found helpful

adonio · ‎04-16-2018

hello there,

assuming you captured the values for the field xdelay you can try something like this, run it anywhere:

| makeresults count=1
| eval xdelay = "00:00:25, 00:01:13, 02:34:15, 00:32:11, 01:12:12"
| makemv delim="," xdelay
| mvexpand xdelay
| rex field="xdelay" "(?<xdelay_hour>\d{2}):(?<xdelay_min>\d{2}):(?<xdelay_sec>\d{2})"
| eval xdelay_duration_seconds = ((xdelay_hour*3600)+(xdelay_min*60)+xdelay_sec)

now calculate however you want, for example:
| timechart span=1m avg(xdelay_duration_seconds) as avg_xdelay
checkout below screenshot:

hope it helps

how to calculate xdelay average per mouth

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases