splunk - Splunk 图表函数在尝试舍入输入时显示零值
问题描述
我一直在尝试在 splunk 中显示图表。我通过 Splunk HTTP Forwarder 上传了我的 json 数据并运行了查询:
上传json数据后,我得到了诸如
"message":{"acplbuild":"ACPL 1.20.1","coresyncbuild":"4.3.10.25","testregion":"EU_Stage","client":"EU_Mac","date":"2019-08-27","iteration":"20","localCreateTime":"6.672","createSyncTime":"135.768","createSearchTime":"0.679","filetype":"CPSD","filesize":"690_MB","filename":"690MB_NissPoetry.cpsd","operation":"upload","upload_DcxTime":"133.196","upload_manifest_time":"133.141","upload_journal_time":"1.753","upload_coresync_time":"135.225","upload_total_time":142.44},"severity":"info"}
我正在尝试运行以下查询
index="coresync-ue1" host="acpsync_allacpl_7" message.testregion=EU_STAGE message.client=EU_Mac message.operation="upload" |eval roundVal = round(message.upload_total_time, 2) | chart median(roundVal) by message.acplbuild
我没有得到任何价值。它应该将四舍五入的中值显示为图表。如果我在这里做错了什么,有人可以指出我。
解决方案
我使用了您指定的相同数据,但在四舍五入 upload_total_time 值时遇到了问题。因此,我首先将其转换为数字,然后 Splunk 搜索查询才起作用。
输入数据集
{"message":{"acplbuild":"ACPL 1.20.1","coresyncbuild":"4.3.10.25","testregion":"EU_Stage","client":"EU_Mac","date":"2019-08-27","iteration":"20","localCreateTime":"6.672","createSyncTime":"135.768","createSearchTime":"0.679","filetype":"CPSD","filesize":"690_MB","filename":"690MB_NissPoetry.cpsd","operation":"upload","upload_DcxTime":"133.196","upload_manifest_time":"133.141","upload_journal_time":"1.753","upload_coresync_time":"135.225","upload_total_time":142.44},"severity":"info"}
{ "message":{"acplbuild":"ACPL 1.20.2","coresyncbuild":"4.3.10.25","testregion":"EU_Stage","client":"EU_Mac","date":"2019-08-27","iteration":"20","localCreateTime":"6.672","createSyncTime":"135.768","createSearchTime":"0.679","filetype":"CPSD","filesize":"690_MB","filename":"690MB_NissPoetry.cpsd","operation":"upload","upload_DcxTime":"133.196","upload_manifest_time":"133.141","upload_journal_time":"1.753","upload_coresync_time":"135.225","upload_total_time":152.44123},"severity":"info"}
{ "message":{"acplbuild":"ACPL 1.20.3","coresyncbuild":"4.3.10.25","testregion":"EU_Stage","client":"EU_Mac","date":"2019-08-27","iteration":"20","localCreateTime":"6.672","createSyncTime":"135.768","createSearchTime":"0.679","filetype":"CPSD","filesize":"690_MB","filename":"690MB_NissPoetry.cpsd","operation":"upload","upload_DcxTime":"133.196","upload_manifest_time":"133.141","upload_journal_time":"1.753","upload_coresync_time":"135.225","upload_total_time":160.456},"severity":"info"}
Splunk 搜索查询
source="sample.json" index="splunk_answers" sourcetype="_json"
| convert num(message.upload_total_time) as total_upld_time
| eval roundVal = round(total_upld_time,2)
| chart median(roundVal) by message.acplbuild
统计视图
可视化视图
推荐阅读
- c - C 语言 fscan 不停止
- jupyter-notebook - Jupyter Lab 窗口未正确显示
- ios - UICollectionViewCell 是方形的,但图像是矩形的
- c# - 应用前预览图形形状
- ruby-on-rails - 无法从 Rails App 迁移到 Heroku
- python - Scipy Optimize - 控制解决方案数组的大小
- python - 如何在 Jupyter notebook (iPython) 中并排显示 2 张图像?
- php - 将javascript变量axios发送到php
- angularjs - 将值从视图(iFrame)传递到angularjs中的控制器
- php - PHP 是否适合长时间执行,例如网络爬取和处理大文件?