FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to match a timestamp field in a Log

Go to solution
dynaNoob
Frequent Guest

‎07 Dec 2023 05:21 PM - last edited on ‎11 Dec 2023 08:32 AM by Community Team

I am very new to DQL and I am trying to breakdown a time field in a log content

Ex:

content:

WARN, Module 1 has a thread in hung state, Thread hang duration: 00:00:00:32 -

WARN, Module 2 has a thread in hung state, Thread hang duration: 00:00:54:15 -

WARN, Module 3 has a thread in hung state, Thread hang duration: 00:00:1:36 -

I am trying to extract "Thread hang duration" into a time field and if it is over a certain threshold value alert it.

Query used:

fetch logs
| filter contains(content, "hang duration")
| parse content, "LD 'Thread hang duration:' LD:HangDuration SPACE '-'"
| fields content, HangDuration

As you can see I have parsed it with LD which works but if I use any other data type, I get null. I have tried

timestamp, duration while parsing as well as converting it from parsed string like below

| fieldsAdd myHangDuration = toTimestamp(HangDuration)

Labels:
0 Kudos
Reply
1 REPLY 1

Go to solution
gbaudart
DynaMight Champion
DynaMight Champion

‎05 Jan 2024 09:17 PM

Hi @dynaNoob 

do you have try this :

| fieldsAdd myHangDuration = duration(HangDuration, unit:"s")
Observability Consultant - Dynatrace Associate Certified
Reply
Ask a question

Featured Posts