I was trying to create a table like the one below.
We have a log with the following fields:
[Date][PreciseTime][Pid][Tid][TransactionID][Function][SrcFile][Message]
[03/03/2017][07:51:25.098][31255][40510594][faasfa-214d1-ff23r-3f3r43r2-dqwr23][number::invoke][number.java][Leaving the nunber.]
TransactionID is the unique field here. I need to plot time frames like 0-10 ms, 10-20 ms, 20-30 ms, ... and display the total count of transactions which fall under each time frame.
In the event example above, let's assume faasfa-214d1-ff23r-3f3r43r2-dqwr23 (TransactionID) took 25 ms; it should fall under 20-30 ms.
I tried something like this,
base search | bucket _time span=1s | timechart count by _time
I see we can go only down to seconds in span. Can we go to milliseconds here as well and achieve a table like the one below?
Transaction Time    Count
10 ms - 20 ms       24
20 ms - 30 ms       95
30 ms - 40 ms       38
40 ms - 50 ms       114
50 ms - 60 ms       1512
60 ms - 70 ms       1075
70 ms - 80 ms       223
80 ms - 90 ms       51
90 ms - 100 ms      32
100 ms - 200 ms     62
200 ms - 300 ms     30
300 ms - 400 ms     23
400 ms - 500 ms     9
500 ms - 600 ms     4
600 ms - 700 ms     9
700 ms - 800 ms     21
800 ms - 900 ms     6
900 ms - 1 sec      3
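
Added example, not part of the original post and not a Splunk search: a Python sketch of the computation the table needs, run over log lines in the format above. It assumes a transaction's duration is the time between its first and last event for the same TransactionID, that the date is month/day/year, and it adds a "1 sec and over" bucket; the function names and all sample lines except the one quoted from the post are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Layout from the post:
# [Date][PreciseTime][Pid][Tid][TransactionID][Function][SrcFile][Message]
FIELD_RE = re.compile(r"\[([^\]]*)\]")

def parse_line(line):
    """Return (timestamp, transaction_id), or None if the line is malformed."""
    fields = FIELD_RE.findall(line)
    if len(fields) < 8:
        return None
    try:
        # Assumption: the date is month/day/year.
        ts = datetime.strptime(f"{fields[0]} {fields[1]}", "%m/%d/%Y %H:%M:%S.%f")
    except ValueError:
        return None
    return ts, fields[4]

def bucket_label(ms):
    """10 ms steps below 100 ms, 100 ms steps below 1 s, as in the post's table."""
    if ms >= 1000:
        return "1 sec and over"  # assumption: the post's table stops at 1 sec
    step = 10 if ms < 100 else 100
    lo = ms // step * step
    upper = "1 sec" if lo + step == 1000 else f"{lo + step} ms"
    return f"{lo} ms - {upper}"

def duration_histogram(lines):
    """Count transactions per duration bucket.
    Assumption: duration = last event time - first event time per TransactionID."""
    seen = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that do not match the layout
        ts, txid = parsed
        lo, hi = seen.get(txid, (ts, ts))
        seen[txid] = (min(lo, ts), max(hi, ts))
    return Counter(bucket_label((hi - lo) // timedelta(milliseconds=1))
                   for lo, hi in seen.values())

# Constructed sample input; only the second line is taken from the post.
SAMPLE = [
    "[03/03/2017][07:51:25.073][31255][40510594][faasfa-214d1-ff23r-3f3r43r2-dqwr23][number::invoke][number.java][Entering the number.]",
    "[03/03/2017][07:51:25.098][31255][40510594][faasfa-214d1-ff23r-3f3r43r2-dqwr23][number::invoke][number.java][Leaving the nunber.]",
    "[03/03/2017][07:51:25.100][31255][40510595][constructed-tx-0002][number::invoke][number.java][Entering]",
    "[03/03/2017][07:51:25.250][31255][40510595][constructed-tx-0002][number::invoke][number.java][Leaving]",
    "[03/03/2017][23:59:59.600][31255][40510596][constructed-tx-0003][number::invoke][number.java][Entering]",
    "[03/04/2017][00:00:00.550][31255][40510596][constructed-tx-0003][number::invoke][number.java][Leaving]",
    "not a log line",
]
```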