Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to create a dashboard to show how many events took 4 seconds, 5 seconds, 7 seconds, etc. from my sample log data?

Abilan1
Path Finder
‎07-24-2015 01:47 AM

Hi,

I need help to create a Dashboard for the below logs. If we look into the below query, we can see that the *SQL Query took 5 seconds, 4 Seconds, 7 seconds. I want to create a single dashboard which should show how many events took 4 seconds, 5 seconds, 7 seconds, etc. Please help me on this one.

2:16:12.759 PM  
29190/-305140880 WRK:TS42CLEA02_F010D210_P5841202   Wed Jul 22 14:16:12.759268  dbperfrq.c770
    doQueryDiagnostics: The following SQL query took 5 seconds which is equal to or greater than QueryExecutionTimeThreshold
7/18/15 
10:15:04.328 PM 
15498/-143431984 MAIN_THREAD                        Sat Jul 18 22:15:04.328490  dbperfrq.c770
    doQueryDiagnostics: The following SQL query took 4 seconds which is equal to or greater than QueryExecutionTimeThreshold
7/17/15 
7:34:10.839 AM  
25047/-295699600 WRK:TS00TSTR02_E755D828_P42101     Fri Jul 17 07:34:10.839249  dbperfrq.c770
    doQueryDiagnostics: The following SQL query took 7 seconds which is equal to or greater than QueryExecutionTimeThreshold.
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jeffland
SplunkTrust
SplunkTrust
‎07-24-2015 02:08 AM

To get the time mentioned in the log, you could use rex (or create a field extraction based on the same regular expression) and do a simple count by that number:

your_search | rex "SQL\squery\stook\s(?<QueryExecutionTime>\d+)\sseconds" | stats count by QueryExecutionTime

View solution in original post

Reply
Solved! Jump to solution
Solution

jeffland
SplunkTrust
SplunkTrust
‎07-24-2015 02:08 AM

To get the time mentioned in the log, you could use rex (or create a field extraction based on the same regular expression) and do a simple count by that number:

your_search | rex "SQL\squery\stook\s(?<QueryExecutionTime>\d+)\sseconds" | stats count by QueryExecutionTime
Reply
Solved! Jump to solution

Abilan1
Path Finder
‎07-24-2015 02:22 AM

Thank you Jeff!! It worked.

0 Karma
Reply
Get Updates on the Splunk Community!

Join Us at the Builder Bar at .conf24 – Empowering Innovation and Collaboration

What is the Builder Bar? The Builder Bar is more than just a place; it's a hub of creativity, collaboration, ...

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...

Everything Community at .conf24!

You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...