knowledge20
Reputation: 1436
Splunk panel showing graph for a specific time range
I am working with splunk. I want to pull logs for an api call for a specific range of time 9.30pm to 12:00 am on daily basis. Also, the average time taken for the call duraing that specific duration.
index="index_a" sourcetype="pqr" source="prq_source" "Success in api response"
Can someone guide me how to handle this how we can fetch for that particular duration for atleast 7 days.
Upvotes: 0
Views: 338
Answers (1)
warren
Reputation: 33435
Something like this should work (so long as you have the automatic field date_hour created by Splunk):
index="index_a" sourcetype="pqr" source="prq_source" "Success in api response" earliest=-7d
| where (date_hour>=21 AND date_minute>=30) OR date_hour>=22
| stats avg(call_duration) as avg_call by success_id
If date_hour & date_minute aren't being automatically supplied by Splunk, you can create them yourself with strftime:
| eval date_hour=strftime(_time,"%H"), date_minute=strftime(_time,"%M")
Upvotes: 1
Related Questions
- Is the a way to customize Splunk's time range selector?
- timechart is crating stats which are not part of the search in splunk
- Splunk: How to get a timechart regarding the extracted _time values for which range() was applied?
- Splunk Enterprise: Exclude certain time ranges for a bigger time range
- How to Cluster and create a timechart in splunk
- How to get splunk report for different time ranges
- Divide two timecharts in Splunk
- Display Splunk Timechart in Local Time
- Splunk - chart 2 time periods on 1 report
- How do I change the timespan in a splunk timechart report?