Trying to create a stacked bar graph of my Apache access logs.
Currently I'm using a timechart to get the avg time in seconds (%T) by host as seen below:
index=apache_logs sourcetype=access_combined | rex "\"\\s+(?<seconds>\d+)\/(?<microseconds>\d+) \d+ \d+" | fields + _time, host, seconds | fields - _raw | timechart span=30m avg(seconds) by host
I would like to add the top 5 URIs during each 30-minute span so I can see both the avg time each of my hosts took to serve a request as well as the top 5 most costly URIs.
Was hoping someone could help me modify my original search to add in the top 5 uri_paths, or give me some direction to go in, in order to build an entirely new one.
I tried using the following documentation to build my graph but could not get it to work.
http://docs.splunk.com/Documentation/Splunk/6.0.2/Search/Chartmultipledataseries
Any help would be appreciated.