Re: timechart question

xipander · ‎09-01-2011

I'm trying to graph a custom long that gives the round trip time of a web service request. I've got sourcetype="wsping.log" |stats first(RoundTrip) by _time gives me the table with the correct values, but when I try to chart it doesn't show up. I think the problem is that my roundtrip value looks like RoundTrip=00:00:00:12 so it's not showing up in the chart? it logs every second so essentially i need every second/log entry on the x axis and the roundtrip value on the y axis in a line graph so we can see spikes. thanks.

RicoSuave · ‎09-02-2011

Try this:
| eval roundtriptime=strptime(RoundTrip,"%S") | chart avg(roundtriptime) over _time

If that doesn't work try strftime instead

RicoSuave · ‎09-08-2011

Sweet. Glad i could help. Can you accept my answer? 🙂

xipander · ‎09-07-2011

This got me going in the right direction. I had to specify the full strptime values.

RoundTrip | eval roundtriptime=strptime(RoundTrip,"%H:%M:%S:%s") | chart avg(roundtriptime) over _time

RicoSuave · ‎09-01-2011

Are you extracting a field for the actual webservice? I would graph the roundtrip time by webservice over time. Try:

<yoursearch> | timechart avg(RoundTrip) by <yourWebServiceField>

xipander · ‎09-02-2011

Date 09/02/2011 Begin = 08:55:09:13, End = 08:55:09:26, RoundTrip = 00:00:00:12

That's all I have in the log entries, the tables and search results show up right, just the line charts don't. I think it has to do with the way the "times" are formatted it's not graphing them properly?

timechart question

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases