Splunk - Charting average transaction duration (Y-axis) over host (X-axis)
I am using Splunk to chart the average duration of a transaction, for each host, refer to the search query below
(host = "A" OR host = "B" OR host = "C" OR host = "D" OR host = "E" OR host = "F" OR host = "G" OR host = "H")
AND source = "logs/BAU.log"
| transaction submission_id startswith="ABC Logic begins" endswith="ABC Logic ended"
| chart avg(duration) by host
I now have a chart with avg(duration) in seconds as the Y-axis, host as the X-axis.
How do I change avg(duration) so that it's expressed in decimal minutes (something like 2.34 mins) instead of the current seconds.
Thanks
Solution
You can modify the avg(duration) to minutes in your Splunk query using eval.
Here's the code :
(host = "A" OR host = "B" OR host = "C" OR host = "D" OR host = "E" OR host = "F" OR host = "G" OR host = "H") AND source = "logs/BAU.log"
| transaction submission_id startswith="ABC Logic begins" endswith="ABC Logic ended"
| eval duration=duration/60
| chart avg(duration) by host
Hope my answer will help.
- How to determine the length of an array field in Splunk?
- Splunk query to find those final results that has events with unique combination of values of two keys in results of main search criteria
- login-info.cfg Splunk file semantic and structure
- Splunk SignalFX Synthetics: Is it possible to retrieve environment variable values in Javascript
- query splunk query joining 2 data tables
- Form a results table view from splunk multiple logs
- Exclude unnecessary logs being sent to splunk cloud platform
- How to Attach Splunk Search Results In JIra Via Terraform Automation?
- Regex Substitue only on a specific group - sedcmd (Splunk)
- Regex to only return matches when followed by a specific word
- embeding conf files into helm chart
- Splunk Logs for Faster Queries, with Category Boolean true
- How to create a timechart in splunk for the timestamp and extracted field?
- Match regex named group up until optional word
- How can I access the TraceId generated by splunk-otel-collector within an ASP.NET web application?
- Splunk result in Table format
- Splunk: How to compute the difference of timestamps by id?
- SPLUNK: How can I count events by location with a list of SERVERNAME's?
- How to represent difference between same fields from two different and simultaneous searches in a table format in Splunk?
- Java 11 HttpClient - POST issue
- Flume sink to Splunk?
- Questions related to splunk builtin macros in correlation search
- how to send the local file using splunk forwarder docker image?
- A table of counts of http status by URL
- How do I use a specific date/time in Splunk dashboard with earliest and latest?
- Splunk - Handling a blank token for a dashboard search
- Splunk - Extracting from search results using regex and aggregates
- Splunk - Grouping by distinct field with stats of another field
- Trying to log to Splunk using logback appender
- How can I download infinite results from a Splunk Search to Export the Data