waffledood
Reputation: 283
Splunk - Charting average transaction duration (Y-axis) over host (X-axis)
I am using Splunk to chart the average duration of a transaction, for each host, refer to the search query below
(host = "A" OR host = "B" OR host = "C" OR host = "D" OR host = "E" OR host = "F" OR host = "G" OR host = "H")
AND source = "logs/BAU.log"
| transaction submission_id startswith="ABC Logic begins" endswith="ABC Logic ended"
| chart avg(duration) by host
I now have a chart with avg(duration) in seconds as the Y-axis, host as the X-axis.
How do I change avg(duration) so that it's expressed in decimal minutes (something like 2.34 mins) instead of the current seconds.
Thanks
Upvotes: 1
Views: 210
Answers (1)
Iliasse
Reputation: 94
You can modify the avg(duration) to minutes in your Splunk query using eval.
Here's the code :
(host = "A" OR host = "B" OR host = "C" OR host = "D" OR host = "E" OR host = "F" OR host = "G" OR host = "H") AND source = "logs/BAU.log"
| transaction submission_id startswith="ABC Logic begins" endswith="ABC Logic ended"
| eval duration=duration/60
| chart avg(duration) by host
Hope my answer will help.
Upvotes: 2
Related Questions
- Splunk records join on transaction-id
- Splunk - Group X-axis elements together
- Query for calculating duration between two different logs in Splunk
- how to calculate duration between two events Splunk
- Splunk Charting Data Based on Type
- Avoid using Transaction in splunk queries
- Splunk logging with transaction
- getting the average duration over a group of splunk transactions
- Set up Splunk alert based on average of a field