- Splunk Operational Intelligence Cookbook
- Josh Diakun Paul R Johnson Derek Mock
- 223字
- 2025-04-04 16:53:03
How to do it...
Follow these steps to chart the application's functional performance over the past week:
- Log in to your Splunk server.
- Select the Search & Reporting application.
- Ensure that the time range picker is set to Last 24 hours and type the following search into the Splunk search bar. Then, click on Search or hit Enter:
index=main sourcetype=log4j | transaction maxspan=4h threadId | timechart span=6h max(duration) AS max, mean(duration) AS mean, min(duration) AS min
- Splunk will return a tabulated list, detailing the maximum, mean, and minimum database transaction durations for every six-hour period, going back the Last 24 hours, as shown in the following screenshot:
- This is great, but hard to visualize in tabular form. Click on the Visualization tab, and you will see this data represented as a chart.
- Click on the chart type link in the upper-left of the chart (next to the Format link) and select Line if not already selected. Splunk now presents this data in a nice line chart, and we can now see the maximum, mean, and minimum levels much more clearly, as shown in the following screenshot:
- Save this search by clicking on Save As and then on Report. Give the report a name of cp02_application_performance and click on Save. On the next screen, click on Continue Editing to return to the search.