Sumologic chart for search result

Question

i'm using sumologic. I have this table: query and table

and want to display data in this format:

X axis - timestamp
Y axis - stacked values for duration (group by traceId, so one stacked column consist of first method duration/second method duration/.../n-th method duration for ONE trace id)

I have this query:

_source="http_metrics" and _collector="Hosted collector"
| timeslice 5m
| extract  "traceId\":\"(?<traceId>.*?)\",.*?name\":\"(?<name>.*?)\",.*?timestamp\":(?<timestamp>.*?),.*?duration\":(?<duration>.*?),.*arguments\":(?<arguments>.*?)}" multi
| formatDate(toLong(timestamp), "HH:mm:ss:SSS a") as timestamp
| number(duration)
| values(duration) as duration by traceId, name, timestamp
| transpose row name,timestamp column traceId
| sort by timestamp

How can i get stacked column chart for this issue? I can't use examples from sumologic, because they've used chart with 2 fields - time and error code, in my case i have 3 fields - name, traceId and timestamp (and duration as value)

can you try out this https://help.sumologic.com/05Search/Search-Query-Language/Search-Operators/transpose — Himanshu Tanwar, Aug 19 '21 at 11:58

score 0 · Answer 1 · answered Aug 21 '21 at 18:03

I casted "duration" field to number before getting values, and after that used transpose operator with "row timestamp column name":

  _source="http_metrics" and _collector="Hosted collector"
       | timeslice 5m
       | extract  "traceId\":\"(?.*?)\",.*?name\":\"(?.*?)\",.*?timestamp\":(?.*?),.*?duration\":(?.*?),.*arguments\":(?.*?)}" multi
       | formatDate(toLong(timestamp), "HH:mm:ss:SSS a") as timestamp
       | values(duration) as duration by name, timestamp
       | number(duration)
       | transpose row timestamp column name as *
       | sort by timestamp

Sumologic chart for search result

1 Answers1