Ashish Sharma
Reputation: 672
Splunk query visualization day wise with megabyte conversion
I tried writing a Splunk query to show the size of DEBUG and WARN log events for all apps, grouped by day, and display a visualization for comparison. The size should be shown in megabytes. Below is the query I came up with:
index="my-index" env="prod" log.level IN ("DEBUG", "WARN")
| search app="org-*"
| eval log_size=len(_raw)
| timechart span=1d sum(log_size) as daily_log_size by app
| eval daily_log_size_mb=round(daily_log_size/1024/1024, 2)
The problem with this query is that the data in the daily_log_size_mb column is still displayed in bytes instead of megabytes, making it difficult for humans to interpret.
Could you please help me in writing the correct query to achieve the desired output?
Upvotes: 1
Views: 11
Answers (0)
Related Questions
- splunk results per day and overall
- Splunk query for showing day wise percentage
- Splunk search query syntax?
- Splunk search query
- How do I multiply a column with different values element wise in splunk
- Splunk: how to query nested values
- Splunk - Stats search count by day with percentage against day-total
- Stats Count Splunk Query
- Splunk query substract time