Mandroid
Reputation: 7508
Calculating event throughput in splunk
I want to find throughput for target events. I identify my target events by EVENT_PROCESSED. So my query is:
index=myIndex namespace=myNamespace host=myHost log=\*EVENT_PROCESSED* | bucket _time span=1h | chart count(EVENT_PROCESSED)/3600 as throughput by _time
But it doesn't work. Error is:
Error in 'chart' command: The data field 'count(EVENT_PROCESSED)/3600' is malformed.
What mistake am I making here?
Upvotes: 0
Views: 754
Answers (1)
warren
Reputation: 33453
Use timechart:
index=myIndex namespace=myNamespace host=myHost log=\*EVENT_PROCESSED*
| timechart span=1h count(log) as count
###edit - change to field name (log) from field value
Upvotes: 1
Related Questions
- How to calculate time duration between two events in splunk which dont have common element
- Splunk getting average TPS for each service
- how to calculate duration between two events Splunk
- Group events by multiple fields in Splunk
- Splunk: How to Compute Incident Duration Records?
- Calculate mean deviation with Splunk
- Splunk: Stats from multiple events and expecting one combined output
- How to count the total number of events in a splunk search result?
- Splunk - counting numeric information in events
- Splunk - Get Prefefined Outputs Based on the event count and event data