英文:
Splunk - Charting average transaction duration (Y-axis) over host (X-axis)
问题
我正在使用Splunk绘制每个主机的平均交易持续时间,参考下面的搜索查询:
(host = "A" OR host = "B" OR host = "C" OR host = "D" OR host = "E" OR host = "F" OR host = "G" OR host = "H")
AND source = "logs/BAU.log"
| transaction submission_id startswith="ABC Logic begins" endswith="ABC Logic ended"
| chart avg(duration) by host
我现在有一个图表,其中avg(duration)以秒为单位显示在Y轴上,主机显示在X轴上。
如何将avg(duration)更改为以小数分钟表示(例如2.34分钟),而不是当前的秒数。
谢谢
英文:
I am using Splunk to chart the average duration of a transaction, for each host, refer to the search query below
(host = "A" OR host = "B" OR host = "C" OR host = "D" OR host = "E" OR host = "F" OR host = "G" OR host = "H")
AND source = "logs/BAU.log"
| transaction submission_id startswith="ABC Logic begins" endswith="ABC Logic ended"
| chart avg(duration) by host
I now have a chart with avg(duration) in seconds as the Y-axis, host as the X-axis.
How do I change avg(duration) so that it's expressed in decimal minutes (something like 2.34 mins) instead of the current seconds.
Thanks
答案1
得分: 2
你可以使用 eval 将 avg(duration) 修改为分钟单位的 Splunk 查询。以下是代码示例:
(host = "A" OR host = "B" OR host = "C" OR host = "D" OR host = "E" OR host = "F" OR host = "G" OR host = "H") AND source = "logs/BAU.log"
| transaction submission_id startswith="ABC Logic begins" endswith="ABC Logic ended"
| eval duration=duration/60
| chart avg(duration) by host
希望我的回答能够帮助到你。
英文:
You can modify the avg(duration) to minutes in your Splunk query using eval.
Here's the code :
(host = "A" OR host = "B" OR host = "C" OR host = "D" OR host = "E" OR host = "F" OR host = "G" OR host = "H") AND source = "logs/BAU.log"
| transaction submission_id startswith="ABC Logic begins" endswith="ABC Logic ended"
| eval duration=duration/60
| chart avg(duration) by host
Hope my answer will help.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论