splunksplunk-query
Splunk - Charting average transaction duration (Y-axis) over host (X-axis)
I am using Splunk to chart the average duration of a transaction, for each host, refer to the search query below
(host = "A" OR host = "B" OR host = "C" OR host = "D" OR host = "E" OR host = "F" OR host = "G" OR host = "H")
AND source = "logs/BAU.log"
| transaction submission_id startswith="ABC Logic begins" endswith="ABC Logic ended"
| chart avg(duration) by host
I now have a chart with avg(duration) in seconds as the Y-axis, host as the X-axis.
How do I change avg(duration) so that it's expressed in decimal minutes (something like 2.34 mins) instead of the current seconds.
Thanks
Solution
You can modify the avg(duration) to minutes in your Splunk query using eval.
Here's the code :
(host = "A" OR host = "B" OR host = "C" OR host = "D" OR host = "E" OR host = "F" OR host = "G" OR host = "H") AND source = "logs/BAU.log"
| transaction submission_id startswith="ABC Logic begins" endswith="ABC Logic ended"
| eval duration=duration/60
| chart avg(duration) by host
Hope my answer will help.
- Regex Substitue only on a specific group - sedcmd (Splunk)
- Regex to only return matches when followed by a specific word
- embeding conf files into helm chart
- How to create a timechart in splunk for the timestamp and extracted field?
- Match regex named group up until optional word
- How can I access the TraceId generated by splunk-otel-collector within an ASP.NET web application?
- Splunk result in Table format
- Splunk: How to compute the difference of timestamps by id?
- SPLUNK: How can I count events by location with a list of SERVERNAME's?
- How to represent difference between same fields from two different and simultaneous searches in a table format in Splunk?
- Java 11 HttpClient - POST issue
- Flume sink to Splunk?
- Questions related to splunk builtin macros in correlation search
- how to send the local file using splunk forwarder docker image?
- A table of counts of http status by URL
- How do I use a specific date/time in Splunk dashboard with earliest and latest?
- Splunk - Handling a blank token for a dashboard search
- Splunk - Extracting from search results using regex and aggregates
- Splunk - Grouping by distinct field with stats of another field
- Trying to log to Splunk using logback appender
- How can I download infinite results from a Splunk Search to Export the Data
- Regex extraction from Right to Left
- How to use Python via AWS Lambda to send millions (large quantities of data) of events to Splunk
- How to create a timechart with percentages by fields using a Splunk query?
- Splunk: Show all the ids that are present in different events
- How to show nested structures in Splunk table
- Splunk regex filter events only one occurrence of special character
- How to search a given time range for every day in Splunk?
- Splunk Query to list down active users and the knowledge object created by them
- choropleth map does not render in Dashboard Studio but it does in Classic Dashboards